HR Toolkit – Small Business Compliance Guide
Introduction
Small businesses play a crucial role in the U.S. economy and are frequently regarded as a major contributor to the nation’s financial growth. According to the U.S. Census Bureau, the majority of U.S. businesses have less than five employees. What constitutes a small business is typically the number of employees and the amount of money the organization brings in, but these can differ based on the industry.
Compliance obligations can present major challenges for small businesses and hinder an organization’s growth and future success. Small business compliance is complicated, as an organization’s legal obligations often depend on its size and location. Most small businesses must navigate many of the same complex legal and regulatory obligations as large employers but must do so with fewer resources. In fact, many small business owners typically take on their organizations’ compliance responsibilities in addition to their other duties. For instance, according to a study from HR solutions firm Oasis, 45% of small business owners spend approximately one day per week on administrative HR issues.
This HR Toolkit is intended to help small businesses understand the importance of compliance and better implement strategies to reduce their potential risks of noncompliance. Small businesses can use this resource to improve their understanding of their compliance obligations and explore strategies for establishing and maintaining compliance practices. This toolkit also provides an overview of common federal labor and employment laws with which small businesses must comply, along with several valuable compliance-related resources.
By reviewing the information detailed in this HR Toolkit, small businesses can improve their compliance efforts and avoid potential violations. However, this toolkit provides a broad overview of small business compliance and should not be construed as legal advice. Employers are encouraged to seek legal counsel to address specific concerns or issues.
Compliance Overview
Compliance is an essential part of business operations, regardless of an organization’s size or industry. Ensuring compliance can aid employers in mitigating risks and avoiding hefty fines, penalties and potential license revocations. It can also help organizations to become more competitive by strengthening their reputation and improving customer trust. While compliance is a major concern for all employers, it can be particularly challenging for small businesses due to a lack of resources. As a result, it’s essential for small businesses to understand compliance and the unique set of challenges it can present to their organizations.
This section provides an overview of small business compliance, including what it is and why it’s important.
What Is Compliance?
Compliance is the act of adhering to federal, state and local laws and regulations. Federal, state and local jurisdictions typically establish rules and regulations organizations must follow to legally conduct their business operations within a specific geographic area or region. These rules and regulations are often enforced through regulatory bodies that monitor and evaluate whether employers are following the applicable laws. Common compliance practices include workplace health and safety, employee behavior, organizational ethics, anticorruption measures and data management. Organizations can also establish internal rules and standards that their employees must follow.
The following are examples of compliance-related activities:
- Conducting risk assessments
- Developing and implementing policies and procedures, including internal standards
- Training employees
- Monitoring and auditing organizational compliance with laws, regulations and internal policies
- Investigating potential compliance violations and taking appropriate corrective action
- Maintaining accurate records and documentation
- Reporting compliance-related information to regulators and stakeholders, as required
- Engaging with external auditors and regulators
- Implementing controls and safeguards to prevent compliance-related violations
- Performing due diligence
Understanding the Importance of Compliance
Compliance-related activities and efforts can often be time-consuming and require significant resources; however, the benefits of adhering to federal, state and local laws and regulations can be significant for small businesses. Compliance is important for the following reasons:
Reducing Legal Risks
Compliance helps ensure that a small business’s decisions and actions are legal and ethical. This can enable an organization to minimize its risks of noncompliance, reducing its exposure to costly lawsuits, fines and penalties. In addition to paying legal fees and penalties, compliance-related issues can disrupt an employer’s operations, reducing sales and profits and lowering employee morale. By avoiding such issues, small businesses can greatly improve their chances of succeeding long-term. Further, complying with laws and regulations can allow organizations to be eligible for certain government programs and benefits.
Improving Internal Processes
Having established internal processes can assist small businesses with staying compliant. As a result, ensuring compliance is an effective way for employers to develop or improve their organization’s processes and policies. This may include establishing written policies or protocols, training employees or determining standards. Compliance can also help a small business define what drives and motivates its efforts; encourage it to form values, ethics or guiding principles; and train others, such as employees, on those core principles. Since established values and ethics can provide direction when making decisions, compliance can improve a small business’s consistency and efficiency as well as reduce errors. Additionally, compliance can be a powerful tool for long-term change, helping drive innovation and increase revenue.
Building Trust With Customers
Building trust with customers is vital to a small business’s success. When consumers trust an organization’s brand, they’re more likely to purchase products and services from them and become loyal customers. Complying with applicable laws and regulations allows small businesses to demonstrate their trustworthiness to existing and potential customers. This can help generate revenue, strengthen an organization’s reputation and increase its customer base.
Generating Revenue
Customers are more likely to purchase products or services from organizations that are compliant because consumers can be confident that what they’re purchasing is not dangerous or illegal. Therefore, small businesses that prioritize compliance are likely to see increased sales and revenue.
Compliance Challenges for Small Businesses
Compliance can be especially challenging for small businesses because they often have limited financial and personnel resources for compliance-related activities. To complicate matters, laws and regulations tend to change quickly, so it can be difficult for small businesses to dedicate the necessary time and resources to stay current on new laws and regulatory changes. As a result, small businesses have a higher risk for compliance issues than larger organizations with more resources. Therefore, small businesses need to find ways to balance other organizational priorities with their compliance-related needs because failing to follow legal or regulatory requirements can hamper short- and long-term growth.
Regulatory requirements are often complex and difficult to understand. Small businesses often lack the necessary expertise required to understand and follow federal, state and local laws. For example, they may not have dedicated compliance experts, such as HR, legal or other compliance professionals, with specialized knowledge and expertise to help an organization navigate and comply with complex laws and regulations.
Addressing Compliance Risks
Compliance risks are an organization’s potential exposure to fines, penalties, legal fees and reputational damage for failing to adhere to laws and regulations. To avoid these risks, organizations must stay informed of laws, regulations and specific industry standards. Regardless of size and industry, every organization faces a certain amount of compliance risk; in fact, these risks have increased significantly over the last few years due to new and complex laws and regulations, including employment and employee benefits laws, corporate compliance requirements and tax regulations. Successful businesses tend to minimize their risk exposure.
Small businesses are particularly vulnerable to compliance risks compared to larger organizations because they often do not have dedicated HR professionals or other compliance personnel, making it more difficult to navigate complex laws and regulations. Despite their limited resources, small businesses should prioritize minimizing the risk of compliance failures since they can lead to legal issues, work stoppages, data or security breaches and reputational harm.
Being aware of common mistakes can allow small businesses to take action to minimize or, in some cases, eliminate risks. This can be challenging, but it’s not impossible. Establishing compliance programs or processes can help small businesses in this endeavor. These efforts may include establishing guidelines or workplace policies; monitoring federal, state and local laws and regulations; and training employees. In addition to establishing compliance-related practices and processes, small businesses can engage legal counsel or HR consultants to reduce the risk of compliance issues.
Summary
Compliance is vital for any organization. Understanding the importance of compliance can help small businesses mitigate legal risks, improve business operations, and aid in generating revenue and growth. Even though small businesses might have limited resources, they should prioritize compliance-related activities and establish practices and processes to stay compliant.
The information and resources in this HR Toolkit can help small businesses better understand their compliance needs and requirements, aid them in establishing practices and procedures to reduce their risks, and strengthen their compliance efforts.
Small Business Compliance
An employer’s size—meaning the number of employees—is a key factor in determining which federal laws, including employment, health and safety, privacy and financial laws, the employer must comply with. For example, some federal employment laws, such as the Fair Labor Standards Act (FLSA), apply to all employers, regardless of size. Other laws, such as the Family and Medical Leave Act (FMLA), only apply to employers who meet a specific employee count. It’s vital for small businesses to be aware of the size based federal laws that may apply to their organizations to ensure they’re complying with all applicable laws and regulations. This is especially important for employers who have fluctuating workforce numbers or are considering hiring additional employees.
This section provides a broad overview of key federal laws that apply to employers based on their size. It is not intended to provide or be a substitute for legal advice. While most states have their own employment laws that apply to employers based on their size, which can vary from federal requirements, this section does not address state labor and employment laws. It also does not address additional compliance requirements for employers who contract with the federal government or organizations in specific industries. Therefore, employers should consider consulting with an attorney to discuss federal, state and local laws that may apply to their organization.
Federal Employment Laws That Apply to Employers of All Sizes
The following are federal laws that apply to employers regardless of size.
Consumer Credit Protect Act (CCPA)
This law protects employees from discharge because their wages have been garnished for any one debt and limits the amount of an employee’s earnings that may be garnished in any one week. For additional resources, employers can review the U.S. Department of Labor (DOL) Wage and Hour Division’s (WHD) Employment Law Guide – Wages and Hours Worked: Wage Garnishment.
Employee Polygraph Protection Act (EEPA)
This act prohibits employers from using lie detector tests, either for preemployment screening or during the course of employment, with certain exceptions. For more information, employers can look at the DOL WHD’s Employment Law Guide: Lie Detector Tests
Employee Retirement Income Security Act (ERISA)
This law sets minimum standards for employee benefit plans, including retirement plans, such as 401(k) plans, and welfare benefit plans, including group health plans. For additional resources, employers can review the DOL’s Employee Benefits Security Administration’s website.
Equal Pay Act (EPA)
Employers must provide equal compensation to men and women who perform work in the same workplace. Employers can review the U.S. Equal Employment Opportunity Commission’s (EEOC) Facts about Equal Pay and Compensation Discrimination for additional information.
Fair Labor Standards Act (FLSA)
This law establishes minimum wage, overtime, recordkeeping and child labor standards for employers. For more resources, employers can review the DOL WHD’s Handy Reference Guide to the Fair Labor Standards Act.
Immigration Reform and Control Act (IRCA)
Employers are prohibited from hiring and retaining employees who are not authorized to work in the United States. Employers and employees must complete the Employment Eligibility Verification form (Form I-9). Employers must retain a Form I-9 for each individual hired and make it available for inspection by authorized government officers. For additional resources, employers are encouraged to review the U.S. Citizenship and Immigration Services’ Handbook for Employers.
Jury Systems Improvement Act
This law prohibits employers from discharging or taking other adverse employment action against employees who are summoned to jury duty in federal court. Most states have their own employment laws regarding jury duty. Employers can reference 28 U.S. Code Section 1875 for more information.
Occupational Safety and Health Act (OSH Act)
This act requires employers to provide a safe workplace for their employees. The Occupational Health and Safety Administration (OSHA) sets and enforces protective workplace safety and health standards. For additional resources, employers can review OSHA’s At-a-Glance guide.
Uniformed Services Employment and Reemployment Rights Act (USERRA)
This law prohibits employers from discriminating against individuals on the basis of membership in the uniformed services with regard to any aspect of employment. Employers can review the DOL’s Veteran’s Employment Training Service’s guide for more resources.
Federal Laws That Apply to Employers With 15 or More Employees
The following are federal laws that apply to employers with 15 or more employees.
Americans With Disabilities Act (ADA)
This law prohibits employers from discriminating against qualified individuals with disabilities in all employment practices, such as recruitment, compensation, hiring and firing, job assignments, training, leave and benefits. Employers are encouraged to review the EEOC’s Facts About the Americans With Disabilities Act for additional information.
Genetic Information Nondiscrimination Act (GINA)
This act prohibits employers from discriminating against employees or applicants based on their genetic information. For more resources, employers are encouraged to review the EEOC’s Fact Sheet: Genetic Information Nondiscrimination Act.
Pregnancy Discrimination Act (PDA)
This law prohibits workplace discrimination based on pregnancy, childbirth or related medical conditions. For additional information, employers can review the EEOC’s Facts About Pregnancy Discrimination.
Federal Laws That Apply to Employers With 20 or More Employees
The following are federal laws that apply to employers with 20 or more employees.
Age Discrimination in Employment Act (ADEA)
This law prohibits employers from discriminating against employees or applicants who are age 40 or older based on their age. Employers are encouraged to review the EEOC’s Facts About Age Discrimination for more information.
Consolidated Omnibus Budget Reconciliation Act (COBRA)
This act requires employer-sponsored group health plans to offer continuation coverage to eligible employees and their dependents when coverage would otherwise be lost due to certain events (e.g., termination of employment). For additional resources, employers can review the DOL’s Employee Benefits Security Administration’s An Employer’s Guide to Group Health Continuation Coverage Under COBRA.
Federal Laws That Apply to Employers With 50 or More Employees
The following are federal laws that apply to employers with 50 or more employees.
Affordable Care Act Act (ACA) – Employer Shared Responsibility Rules
Under this act, applicable large employers (ALEs) must offer affordable, minimum-value health coverage to their full-time employees (and dependents) or risk paying a penalty. An ALE will face a penalty if one or more full-time employees obtain a subsidy through the Health Insurance Marketplace. For more information, employers can review the IRS’ Questions and Answers on Employer Shared Responsibility Provisions Under the Affordable Care Act.
Family and Medica Leave Act (FMLA)
This law requires employers to provide eligible employees with unpaid, job-protected leave for specified family and medical reasons. Employers are encouraged to review the DOL WHD’s The Employer’s Guide to FMLA for additional resources.
Federal Laws That Apply to Employers With 100 or More Employees
The following are federal laws that apply to employers with 100 or more employees.
EEO-1 Report
The Employer Information Report EEO-1, commonly known as the EEO-1 Report, requires employers to submit employment data categorized by race, ethnicity, gender and job category to the EEOC each year. Employers can review the EEOC’s website on EEO-1 Component Data Collection for more information.
Worker Adjustment and Retraining Notification Act (WARN)
Employers are required to provide a 60-day advance notice to employees of imminent covered plant closings and covered mass layoffs. For additional resources, employers are encouraged to review the DOL’s Employment and Training Administration’s Employer’s Guide to Advance Notice of Closings and Layoffs.
Summary
It’s essential that small businesses are familiar with the laws that apply to their organizations and know how to best navigate them. This can enable small businesses to remain compliant, improve organizational efficiency, improve employee morale and well-being and set them up for long-term success. If small businesses have questions regarding which federal, state and local governments apply to their organizations or how to best navigate those laws, they should reach out to their local legal counsel.
Small Business Compliance Practices
Out of necessity, small businesses often focus their limited time and financial resources on growing and generating revenue. As a result, there’s little time or budget remaining to prioritize compliance-related activities. Unlike larger organizations, small businesses tend to lack the resources, expertise and personnel to dedicate to compliance activities, making compliance particularly challenging and, in some cases, extremely time-consuming. In fact, most small business owners take on the majority of their organization’s compliance obligations, with 30% of owners spending 40 hours or more each year trying to comply with state and local regulations, according to a study by the National Small Business Association. In doing so, these owners spend approximately $12,000 annually on state and local compliance. Therefore, small businesses should find ways to prioritize organizational compliance in efficient and costeffective ways.
Despite the challenges compliance presents to small businesses, noncompliance or compliance-related issues can lead to more significant problems, such as hefty fines, legal fees and reputational harm. One of the most effective ways small businesses can protect themselves and stay compliant is by establishing compliance practices and procedures. This allows small businesses to detect and prevent potential problems before they become compliance issues. However, knowing where to begin when establishing compliance practices can often seem overwhelming and daunting. Therefore, being aware of common compliance practices can help small businesses better implement strategies and solutions to improve their compliance efforts.
This section outlines effective strategies for establishing compliance practices as well as common operational challenges and compliance-triggering events. This section is not intended to provide or be a substitute for legal advice. Employers are encouraged to seek legal counsel to address specific issues and concerns.
Operational Challenges
Small businesses face multiple challenges when establishing and maintaining compliance programs and procedures. Failing to properly address these challenges can hamper an organization’s growth. Compliance activities can strain an organization’s resources and personnel who are likely already overextended. Additionally, a small business’s compliance efforts can be limited by:
- A lack of awareness or understanding of relevant laws and regulations
- Limited resources, including time, money and personnel
- Inadequate processes or systems
- An organizational culture that is resistant to change
Common Compliance-triggering Events
Even small businesses must comply with various federal, state and local laws. Failing to do so can result in costly fines, penalties and legal fees. According to a 2017 study by HelpSystems, the cost of noncompliance is 2.71 times greater than the cost of compliance since noncompliance can often result in business disruption, revenue and productivity losses, and fines, penalties and legal fees. While compliance requirements can differ depending on the industry, employer size and location, certain events often trigger a small business’s compliance obligations. Some of the events may reoccur annually, while others may be triggered by specific occurrences.
The following are examples of common events that can trigger a small business’s compliance obligations:
Identifying compliance triggers can help a small business anticipate when potential compliance risks may occur or when a legal obligation has been prompted. This can allow small businesses to adopt a proactive approach to compliance instead of simply reacting to issues.
Establishing Compliance Practices
Effective compliance practices can assist organizations with identifying potential issues before they become problems and stay compliant in a cost-effective manner. However, compliance activities can seem so overwhelming that it can often be difficult for a small business to know where to begin. Luckily, even if a small business hasn’t officially established compliance practices, it likely has instituted some basic policies and organizational governance. Reviewing what programs and procedures are already in place, even if unofficially, is a good place to start. This can guide small businesses in beginning to implement compliance processes and policies and allow them to take a holistic approach to organizational compliance practices and procedures.
There’s a common misconception that compliance practices are separate from other business practices or organizational processes. However, effective compliance procedures should be integrated with a business’s regular and established practices. This helps ensure compliance activities are completed regularly and connected to other business objectives and strategies, which can improve efficiency while reducing the chances of duplicating tasks. Additionally, the more simple and more well-defined an organization’s compliance practices, the more successful they’ll likely be.
Successful compliance practices often include these elements:
Standards and procedures—A clear set of compliance policies and procedures can establish the framework for how a small business operates. This can guide leadership decision-making, employee actions and customer interactions.
Authority—Compliance practices are generally most successful when there’s a dedicated individual or group of people responsible for overseeing and ensuring organizational compliance. Additionally, for compliance practices to be successful, they need to be instituted and followed from the top level; if an organization’s leadership isn’t following compliance practices, neither will employees.
Training and education—Managers and employees need to be trained on the laws,regulations and policies that are relevant to their position as well as their organization’s industry. Regularly training rankand-file employees on laws, regulations and policies can help ensure an organization’s compliance practices are followed.
Auditing and monitoring—Consistent and regular auditing and monitoring of compliance practices can allow an organization to stay informed of regulatory changes and become aware of potential issues before they become larger problems. Organizations can implement systems to track and report compliance issues, making sure that they respond quickly and appropriately to issues, complaints and investigations.
Corrective action—Successful compliance practices address how to respond when issues arise. Additionally, after addressing the compliance issue, it’s important that organizations follow up and take steps to ensure the issue doesn’t reoccur.
Feedback—Requesting frequent feedback from employees and other stakeholders can help organizations improve existing practices and develop new policies and procedures.
Establishing Standards and Procedures
Regardless of an organization’s size, compliance practices and processes play a role—whether completed by an owner or a formal HR professional—in the organization’s success. Small employers tend to implement more formal compliance processes as they grow. This is because their compliance needs, cultural challenges and talent struggles become increasingly complex with more employees. Performing a basic risk assessment can help organizations prioritize their compliance activities.
Small organizations generally have the following compliance needs:
Creating Employee Handbook and Workplace Policies
Establishing written policies is often the cornerstone of any organization’s compliance standards and procedures. These policies outline rules that organizations and their employees must follow. Written policies establish a small business’s compliance practices and inform employees what is expected of them. An organization’s policies must comply with all applicable laws and regulations and should be reviewed regularly and updated as needed.
There are many available resources to assist small businesses with establishing compliance practices. For example, many companies and law firms post handbooks, guidelines and other compliance materials online. These resources can serve as guides for small businesses as they begin to create their own policies and procedures. In addition, there are many available government resources to aid small businesses in establishing compliance standards and procedures, such as the Society of Corporate Compliance and Ethics (SCCE) guide, A Compliance and Ethics Program on a Dollar a Day, or the SCCE’s website. While there are many readily available resources, it’s important that small businesses review and adapt these resources to their organizations’ needs and requirements instead of simply copying them. Additionally, organizations can employ attorneys, HR professionals and compliance vendors to develop policies and compliance practices.
Assigning a Dedicated Individual
Assigning a dedicated individual or group of people to be responsible for an organization’s compliance practices can significantly improve a small business’s compliance efforts. This is important because it allows leadership and employees to know who to contact when compliance-related issues arise. Assigning a dedicated compliance individual can also help ensure that someone is monitoring and completing key compliance-related tasks. These tasks may include:
- Identifying potential risks
- Creating and implementing compliance practices and processes
- Monitoring compliance practices and activities
- Resolving compliance-related issues
- Advising leadership on how to minimize risks and better comply with laws and regulations
Owners of smaller organizations often take on compliance responsibilities themselves rather than delegating them to an employee, hiring an HR professional or using an outside vendor. According to industry research, nearly 54% of small businesses address HR-related issues themselves, with owners of small businesses spending as much as 12 hours each week on HR administration. This forces owners to balance their other responsibilities with compliance-related activities. Additionally, as organizations grow, small businesses tend to need compliance support because owners often do not feel confident managing compliance-related functions and processes.
If owners find they’re spending much of their valuable time on compliance-related activities instead of focusing on tasks that can grow their business, they might consider delegating compliance responsibilities to others. However, many small business employees who are responsible for their organization’s compliance practices are usually not sufficiently prepared or have the expertise to adequately fulfill these responsibilities. This often increases an organization’s risk of noncompliance. If a small business decides to appoint an employee to oversee its compliance practices, it’s important to select someone who can be trusted and is respected by others in the organization. Additionally, organizations should provide that individual with adequate education and training to enable them to properly oversee organizational compliance practices.
Hiring an HR professional can significantly improve a small business’s compliance efforts. In addition to improving organizational compliance, HR professionals can help with recruitment, employee engagement, retention, training and development, and developing compensation and benefits strategies. Before deciding to hire an HR professional or adding additional HR staff, employers need to decide where their staffing needs are the greatest and how much value HR professionals could add to their organization versus an investment in other departments. They also need to consider the skills an HR professional brings to ensure organizational needs are met.
Deciding when to hire an HR professional and how many are needed to operate effectively is a hotly debated topic. However, HR professionals are experts in their field and can give organizations the greatest chance of staying compliant. Determining how many HR professionals an organization requires is difficult and depends on the organization’s needs and growth strategy. For example, it’s not uncommon for smaller organizations in the early stages of growth to need to focus more on people management than more established organizations, which may result in hiring more HR personnel. As organizations grow, this need can decrease because of the cost advantages employers gain by increasing the size of their organizations.
Training Employees
Many legal or regulatory violations are preventable. Organizational compliance cannot be achieved unless managers and employees are aware of applicable laws and regulations and follow them. Employee compliance training aids small businesses in developing policies and procedures to stay compliant, establishing a culture of compliance and educating employees on their responsibilities. Effective training often provides employees with real-life examples of how compliance applies to their workplace roles, guiding them on how to respond to the issues and dilemmas they may face. Employees can then apply this knowledge to their day-to-day activities, helping organizations remain compliant.
Employers can train employees to:
Ensuring employees are properly trained can drastically improve an organization’s compliance efforts. A small business can make sure its employees are sufficiently trained by establishing regular and frequent classes or workshops. At a minimum, employers should train employees at the time of hire and once per year thereafter. Employers can also provide employees with guides and resources to help improve their compliance knowledge. Technology, such as learning management systems, can create, track and validate employee compliance training.
Auditing and Monitoring
A critical component of an effective compliance program is constant evaluation and improvement. Auditing and monitoring is the best way to detect potential risks and areas for improvement. As part of their compliance programs, small businesses can establish an auditing and monitoring plan that can not only identify potential risks but also mitigate them. Additionally, small businesses should implement a reporting system that employees can use to alert managers and leaders of potential compliance issues.
Taking Corrective Action
An effective compliance program not only outlines compliance standards and requirements but also instructs how to respond when those standards or requirements are not followed. When a small business detects a compliance issue through auditing or monitoring, a corrective action plan is needed to address the issue. An effective corrective action plan should facilitate the organization’s overall compliance goals, including identifying the cause of the issue, implementing steps to correct the issue in a timely manner, reducing the risk of the issue reoccurring in the future and establishing accountability. A small business may need to update its policies and procedures and provide employees with additional training to prevent future noncompliance. In some situations, it may be necessary or prudent to report the incident of noncompliance to the appropriate government agency.
Requesting Feedback
Employee feedback can be extremely valuable when establishing or improving an organization’s compliance practices. Employees are often aware of potential compliance-related issues before managers or leadership. However, they are unlikely to report these issues unless they are asked and they feel they’ll be safe from reprisal for speaking up. Small businesses can be proactive and request assistance from employees to improve the organization’s compliance efforts. This can assist with identifying potential areas of risk and addressing them before they become bigger issues. Additionally, requesting feedback can help an organization gain employee support for compliance efforts.
Summary
Small businesses often struggle to prioritize compliance-related activities due to their limited time and financial resources. This can make it challenging for small businesses to ensure compliance with legal requirements, potentially exposing organizations to large fines, legal fees and reputational damage. To protect themselves and stay compliant, small businesses can establish compliance practices and procedures. Understanding common operational challenges and best practices for establishing compliance practices can help small businesses improve their compliance efforts cost-effectively and efficiently.
Managing Compliance Practices
A small business’s compliance obligations don’t end after establishing practices and processes. Managing compliance practices is an ongoing process that often requires constant monitoring. This can be challenging for small businesses since they often must comply with many of the same laws and regulations as larger organizations but have fewer resources and personnel to dedicate to compliance activities. Additionally, small businesses often focus on growth, potentially neglecting to manage their compliance obligations. However, compliance poses high risks for small businesses, which can hamper their growth if and when issues arise. Therefore, it’s vital that small businesses find ways to continuously monitor and manage their compliance practices. Despite the unique challenges small businesses face, there are many successful strategies they can implement to manage their compliance practices and ease administrative burdens.
This section addresses common strategies small businesses employ to manage their compliance
practices.
Creating a Compliance Calendar
Compliance calendars are valuable tools to aid small businesses in meeting essential deadlines, avoiding penalties and staying compliant. Establishing a compliance calendar may make it easier for an organization to manage and fulfill their compliance obligations, helping to ensure they don’t get penalized or fined for missing important deadlines. A compliance calendar tracks filing deadlines as well as license and permit renewals. Having dates and deadlines in one place can keep everyone in an organization on the same page and improve compliance efforts. An effective compliance calendar will identify key filing obligations, important deadlines and any individuals responsible for the compliance task. They can also free up time to allow small businesses to focus on other important tasks.
Staying Up-to-Date on Compliance Changes
Laws and regulations can change often, and failing to stay informed of these changes can expose a small business to costly fines, penalties, investigations or audits. Consequently, it’s vital that small businesses find ways to stay informed of any changes that may impact them. There are several ways small businesses can do this, including the following:
Monitor government agencies’ websites. Many federal and state agencies post regulatory changes on their websites. By regularly checking these websites, small businesses can stay informed of any changes. Manually checking these websites can be time-consuming, so small businesses can use a Really Simple Syndication feed reader to automatically scan these websites for updates.
Subscribe to industry newsletters and blogs. Industry newsletters and blogs can inform small businesses of specific legal or regulatory changes that may impact their organizations. Some federal and state agencies even publish newsletters and blogs. Small businesses can consider subscribing to their newsletters or blogs to provide input and comments when these agencies propose new rules or changes to existing rules.
Join professional associations. Professional associations generally host networking events, lectures and seminars to keep individuals informed of the latest developments in their industry. They also publish journals or newsletters to keep organizations informed of industry trends and legislative changes.
Attend industry conferences. Industry conferences provide small businesses with opportunities to learn about compliance practices and new regulations, which may include receiving the most current and accurate information from representatives of regulatory agencies.
Use compliance software. Compliance software allows small businesses to track applicable regulatory requirements, including deadlines and reporting tasks. This can alert small businesses to missed deadlines and track legal and regulatory changes.
Leveraging Technology
Tracking and managing compliance-related issues is an ongoing administrative challenge for employers.Many large employers have embraced technology to help address these challenges, and recently, many small and midsize businesses are following suit. Technology, such as artificial intelligence, rule-based technology systems or cloud-based solutions, can provide small businesses with an effective and efficient way to manage and improve their compliance efforts while reducing operational costs.
Technology is becoming an important element of small business compliance practices, as it can assist employers with:
- Identifying legal or regulatory risks
- Automating HR functions, such as payroll, compensation, talent acquisition and pay transparency
- Monitoring paid time off, overtime and employee leave and sick time
- Optimizing employee recruiting and onboarding
- Streamlining employee benefits administration and open enrollment
However, many small businesses are only starting to evaluate which technology solutions can best aid their compliance efforts. With so many technology solutions to choose from, it can be difficult to know where to begin, but it’s best to start small. For example, implementing structured, rules-based technology can automate routine compliance tasks. Additionally, since compliance requirements can vary depending on the industry, a small business’s industry can often direct where to begin when implementing compliance technology solutions.
Small businesses can use specific software solutions to track and manage their compliance practices; for example, there are tools to monitor employee performance, create handbooks or workplace policies, and comply with tax requirements. Additionally, a small business can consider investing in human capital management (HCM), an HR information system (HRIS) or an HR management system (HRMS) to better support key HR functions and improve their compliance efforts. These systems can help small businesses automate labor-intensive HR functions and monitor compliance practices, including staying current on regulatory changes.
HCM
HCM is a software solution that helps small businesses meet their essential HR needs,such as recruitment, onboarding, compensation and time tracking. These solutions can be integrated to unify an organization’s HR functions, potentially reducing costs by eliminating redundancies. HCM can assist small businesses in tracking and complying with complex regulations, promoting organizational growth and meeting workforce needs.
HRIS
An HRIS is a centralized technology solution that stores employee information needed to complete core HR functions, enabling a small business to plan and manage its resources better. Typically, this technology can help an organization manage employee benefits administration, comply with payroll and tax requirements, and track employees’ hours and leave accrual.
HRMS
An HRMS helps employers track and gather data to better understand their workforce. An HRMS can streamline hiring and onboarding, establish employee performance standards and generate data to analyze trends. This technology differs from an HRIS in that it can provide performance management and reporting.
Compliance is only becoming more complicated and challenging for small businesses as more laws and regulations are enacted each year. However, by embracing the right technology solutions, such as rulebased technology systems or compliance automation tools, small businesses can enhance their compliance efforts and reduce their administrative burden. Wherever a small business decides to start, it’s important to keep the long term in mind instead of simply focusing on the initial steps.
Outsourcing Compliance Obligations
Outsourcing nonessential business functions has become increasingly common in recent years because it can allow organizations to reduce costs and gain critical knowledge and expertise. Small businesses are often burdened by compliance obligations and responsibilities, making it difficult to quickly and efficiently address legal risks or maintain effective compliance programs. Because of these challenges, some small businesses turn to outside experts to help develop and maintain their compliance practices programs.
Compliance tasks are routinely outsourced to vendors that can provide either complete or partial support. Small businesses often decide to outsource their compliance responsibilities when they notice gaps or weaknesses that make them particularly vulnerable to fines and penalties, such as during a government investigation or audit. Outsourcing compliance obligations to experts has many potential benefits, including the following:
- Evaluating existing compliance practices and identifying areas for improvement
- Reviewing policies and procedures and training efforts for effectiveness
- Assessing resources needed to effectively operate compliance practices
- Building metrics to monitor and improve compliance practices
- Creating a compliance roadmap for small businesses to follow
Using Vendors
Third-party vendors can aid small businesses in improving and even streamlining their compliance practices. For small businesses, ensuring compliance can be costly and laborious. Vendors may be more efficient and better at ensuring compliance than small businesses could be on their own. In addition to reducing an organization’s administrative burden, vendors can improve an organization’s ability to stay informed of changing regulations and requirements, reducing a small business’s risk of noncompliance. As a result, many small businesses with financial resources outsource their compliance practices to vendors.
Selecting the Right Vendor
Small businesses generally use vendors that are also small businesses. Small business vendors typically provide similar quality services as large vendors; however, when it comes to compliance, large vendors may have a leg up. This is largely because major vendors tend to have their own compliance management programs that many smaller vendors lack. These systems can allow them to effectively manage compliance-related activities.
Many vendors can tailor their services to meet an organization’s unique and specific compliance needs, including filing and reporting deadlines or managing compliance processes like employee identity and employment eligibility verification. Some vendors offer bundled services, so small businesses can outsource compliance practices and other services, such as employee assistance and wellness programs. However, small businesses are ultimately responsible for ensuring they comply with applicable laws and regulations even if they outsource their compliance practices. Therefore, employers should ensure their vendors rely on and receive guidance from the best sources.
Managing the Vendor Relationship
Vendor management allows organizations to control costs, reduce risks and create productive partnerships with third-party vendors. Proper vendor management often starts with selecting the right vendor. Small businesses should ensure the vendors they employ have the expertise and a proven track record to assist with their compliance efforts. After selecting a vendor, a small business should monitor and oversee its relationship with that vendor. Successful vendor management can be achieved by treating vendors as business partners, monitoring vendor performance and providing continuous feedback. This enables both the organization and the vendor to work together to improve the organization’s compliance practices. Small businesses can also identify and establish key performance indicators to better measure vendor performance. In addition, organizations can invest in vendor management systems that allow them to track and manage their third-party vendors.
Hiring Legal Counsel
Many small businesses only hire attorneys when facing a serious legal challenge due to cost concerns. However, hiring an attorney before problems arise may allow a small business to save money in the long run. While many compliance-related matters are straightforward and may not require legal assistance, hiring an attorney may be beneficial or even necessary in some instances, such as when handling employee discipline or responding to government investigations. Attorneys can be strategic business partners to help small businesses safeguard against legal risks and position themselves for future growth.
Many small businesses do not have an in-house attorney overseeing compliance activities, but hiring one can assist an organization in understanding its compliance obligations and potential legal risks. Attorneys can assist with a small business’s compliance efforts by developing policies and procedures or establishing compliance practices to help ensure the employer and employees follow applicable laws and regulations. This may include creating legal risk management strategies or developing auditing and monitoring programs.
Establishing Compliance Reviews and Audits
Small businesses often rely on compliance reviews and audits to evaluate the strengths and weaknesses of their compliance practices. Regular compliance reviews or audits can help a small business evaluate whether it is following legal and regulatory guidelines, identify potential weaknesses in its compliance practices and generate methods for making improvements.
While compliance reviews and audits have the same goals, they differ in important ways. A compliance review tends to be more informal and is conducted by employees. Small businesses typically use compliance reviews to evaluate their overall compliance-related risks and assess whether employees are following compliance practices and processes. An audit is a more formal process used to measure the overall effectiveness of a small business’s compliance efforts. This can be done internally, but most of the time, an audit is conducted by an independent expert to provide an unbiased, comprehensive review of an organization’s compliance practices. Compliance reviews and audits can be conducted regularly (e.g., annually) or ad hoc.
The following are basic steps for conducting an internal review of an organization’s compliance efforts:
Since laws and regulations change frequently, performing regular compliance reviews and audits can aid a small business in reducing its legal risk and improving its overall compliance.
Employer Takeaways
Managing compliance practices is an ongoing challenge for organizations of all sizes. Due to their limited resources, small businesses often strategize to find the best ways to manage their compliance obligations. Implementing the methods discussed in this section or a combination of approaches can help small businesses shore up their compliance management and set their organizations on a path to success and growth for years to come.
Summary
Small businesses are at a disadvantage in many ways when it comes to establishing and maintaining compliance practices. While complying with many laws and regulations can seem burdensome, an adequate understanding of compliance requirements is vital to any small business’s long-term success. Not only can noncompliance damage a small business’s reputation and financial health, but it can also threaten its existence. Staying compliant often requires an understanding of legal and regulatory requirements as well as constant monitoring. By regularly reviewing their compliance practices and procedures, small businesses can evaluate how well they’re meeting legal requirements, stay current on regulatory changes and correct any issues before they become larger problems.
Strategies for implementing successful compliance practices will likely vary for each small business, but an effective process can help organizations improve their overall compliance efforts, reduce the risk of fines and penalties, and set themselves up for long-term success. Prioritizing compliance can give small businesses peace of mind as they focus on growing their organizations. While this HR Toolkit provides a general overview of small business compliance, the laws and regulations small businesses must comply with often vary depending on the employer’s size, location and industry. Therefore, employers are encouraged to discuss any specific compliance-related questions with an attorney.
Appendix
Compliance requirements are complex and can be difficult and time-consuming. This section is intended to help remove some of that burden by offering valuable resources you can print or email and use for your organization. This appendix features a small business compliance cheat sheet, infographic and checklists. Please review these resources when implementing compliance practices or assessing your organization’s compliance processes. The information included in this section may require some customization, and it should only be used as a framework. Due to the complex nature of small business compliance, organizations are encouraged to seek legal counsel to discuss and address specific issues and concerns.
The resources included in this appendix are just a small sampling of the materials that are available to employers. By contacting TechServe Alliance, employers may have access to an entire library of compliance-related materials. Please speak with TechServe Alliance if you have any questions about these materials or any other content in this HR Toolkit.
Printing Help
There are many printable resources in this appendix. Please follow the instructions below if you need help printing individual pages.
- Choose the “Print” option from the “File” menu.
- Under the “Settings” option, click on the arrow next to “Print All Pages” to access the dropdown menu. Select “Custom Print” and enter the page number range you would like to print or enter the page number range you would like to print in the “Pages” box.
- Click “Print.” For more information, please visit the Microsoft Word printing support page.
Small Business Compliance Cheat Sheet – Federal Employment Laws by Employer Size
An employer’s size, meaning the number of employees, is a key factor in determining which federal laws including employment, health care, safety, privacy and financial laws—the organization must comply with. Determining an employer’s size can vary depending on the types of employees, where the employees are located and a law’s specific requirements. It’s vital for small businesses to be aware of the sized-based federal laws that may apply to their organizations to ensure they’re complying with all applicable laws and regulations. This is especially important for employers with fluctuating workforce numbers or who are considering hiring additional employees. Knowing which federal employment laws apply can enable small businesses to remain compliant, improve organizational efficiency, enhance employee morale and well-being, and set up for long-term success.
This cheat sheet provides a broad overview of key sized-based federal employment laws. If small businesses have questions regarding which federal, state and local governments may apply to their organizations or how to best navigate those laws, they should reach out to their local legal counsel.
Federal Employment Laws That Apply to Employers of All Sizes
The following federal employment laws apply to employers regardless of size:
| Law | Brief Description | Resources |
|---|---|---|
| Consumer Credit Protect Act (CCPA) | This law protects employees from discharge because their wages have been garnished for any one debt and limits the amount of an employee’s earnings that may be garnished in any one week | The U.S. Department of Labor (DOL) Wage and Hour Division’s (WHD) Employment Law Guide – Wages and Hours Worked: Wage Garnishment |
| Employee Polygraph Protection Act (EEPA) | This act prohibits employers from using lie detector tests for preemployment screening or during the course of employment, with certain exceptions. | The DOL WHD’s Employment Law Guide: Lie Detector Tests |
| Employee Retirement Income Security Act (ERISA) | This law sets minimum standards for employee benefit plans, including retirement plans—such as 401(k) plans—and welfare benefit plans, including group health plans. | The DOL’s Employee Benefits Security Administration’s website |
| Equal Pay Act (EPA) | Employers must provide equal compensation to men and women who perform work within the same workplace. | The U.S. Equal Employment Opportunity Commission’s (EEOC) Facts about Equal Pay and Compensation Discrimination |
| Fair Labor Standards Act (FLSA) | This law establishes minimum wage, overtime, recordkeeping and child labor standards for employers. | The DOL WHD’s Handy Reference Guide to the Fair Labor Standards Act |
| Immigration Reform and Control Act (IRCA) | Employers are prohibited from hiring and retaining employees who are not authorized to work in the United States. Employers and employees must complete the Employment Eligibility Verification form (Form I-9). Employers must retain a Form I-9 for each individual hired and make it available for inspection by authorized government officers. | The U.S. Citizenship and Immigration Services’ Handbook for Employers |
| Jury Systems Improvement Act | This law prohibits employers from discharging or taking other adverse employment action against employees who are summoned to jury duty in federal court. Most states have their own employment laws regarding jury duty. For more information, employers can reference 28 U.S. Code Section 1875. | 28 U.S. Code Section 1875 |
| Occupational Safety and Health Act (OSH Act) | This act requires employers to provide a safe workplace for their employees. The Occupational Health and Safety Administration (OSHA) sets and enforces protective workplace safety and health standards. | OSHA’s At-a-Glance guide |
| Uniformed Services Employment and Reemployment Rights Act (USERRA) | This law prohibits employers from discriminating against individuals on the basis of membership in the uniformed services with regard to any aspect of employment. | The DOL’s Veteran’s Employment Training Service’s guide |
Federal Employment Laws That Apply to Employers With 15 or More Employees
The following federal employment laws apply to employers with 15 or more employees:
| Law | Brief Description | Resources |
|---|---|---|
| Americans with Disabilities Act (ADA) | This law prohibits employers from discriminating against qualified individuals with disabilities in all employment practices, such as recruitment, compensation, hiring and firing, job assignments, training, leave and benefits. | The EEOC’s Facts About the Americans with Disabilities Act |
| Genetic Information Nondiscrimination Act (GINA) | This act prohibits employers from discriminating against employees or applicants based on their genetic information. | The EEOC’s Fact Sheet: Genetic Information Nondiscrimination Act |
| Pregnancy Discrimination Act (PDA) | This law prohibits workplace discrimination based on pregnancy, childbirth or related medical conditions. | The EEOC’s Facts About Pregnancy Discrimination |
Federal Employment Laws That Apply to Employers With 20 or More Employees
The following federal employment laws apply to employers with 20 or more employees:
| Law | Brief Description | Resources |
|---|---|---|
| Age Discrimination in Employment Act (ADEA) | This law prohibits employers from discriminating against employees or applicants who are age 40 or older based on their age. | The EEOC’s Facts about Age Discrimination |
| Consolidated Omnibus Budget Reconciliation Act (COBRA) | This act requires employer-sponsored group health plans to offer continuation coverage to eligible employees and their dependents when coverage would otherwise be lost due to certain events (e.g., termination of employment). | The DOL’s Employee Benefits Security Administration’s An Employer’s Guide to Group Health Continuation Coverage Under COBRA |
Federal Employment Laws That Apply to Employers With 50 or More Employees
The following federal employment laws apply to employers with 50 or more employees:
| Law | Brief Description | Resources |
|---|---|---|
| Affordable Care Act Act (ACA) – Employer Shared Responsibility Rules | Under this act, applicable large employers (ALEs) must offer affordable, minimum-value health coverage to their full-time employees (and dependents) or risk paying a penalty. An ALE will face a penalty if one or more full-time employees obtain a subsidy through the Health Insurance Marketplace. | The IRS’ Questions and Answers on Employer Shared Responsibility Provisions Under the Affordable Care Act |
| Family and Medical Leave Act (FMLA) | This law requires employers to provide eligible employees with unpaid, job-protected leave for specified family and medical reasons. | The DOL WHD’s The Employer’s Guide to FMLA |
Federal Employment Laws That Apply to Employers With 100 or More Employees
The following federal employment laws apply to employers with 100 or more employees:
| Law | Brief Description | Resources |
|---|---|---|
| EEO-1 Report | The Employer Information Report EEO-1, commonly known as the EEO-1 Report, requires employers to submit employment data categorized by race, ethnicity, gender and job category to the EEOC each year. | The EEOC’s website on EEO-1 Component Data Collection |
| Worker Adjustment and Retraining Notification Act (WARN) | Employers are required to provide a 60-day advance notice to employees of imminent covered plant closings and covered mass layoffs. | The DOL’s Employment and Training Administration’s Employer’s Guide to Advance Notice of Closings and Layoffs |
Small Business Compliance Checklist
Compliance is the act of adhering to federal, state and local laws and regulations. It’s an essential part of any business’s operations, regardless of size or industry. Ensuring compliance can aid employers in mitigating risks and avoiding hefty fines and penalties. It can also help organizations to become more competitive by strengthening their reputation, improving customer trust and protecting employees’ workplace rights.
Compliance obligations can present major challenges for small businesses; most of these organizations must navigate many of the same complex and regulatory obligations as larger employers, such as complying with the Fair Labor Standards Act, but with fewer resources. This is further complicated by the fact that a small business’s legal obligations often depend on its size and location. Failing to comply with legal requirements can hinder a small business’s growth and future success.
This checklist outlines steps to help small businesses establish compliance practices. It’s intended to be used as a guide, and not all of the following steps may be necessary to create and manage compliance practices. This checklist only scratches the surface of small business compliance requirements;therefore, the steps in this list should be modified to meet any jurisdictional requirements as well as the unique needs of an organization. Because small business compliance requirements vary based on several factors, including size and location, employers are encouraged to seek legal counsel to address specific issues and concerns.
| Ensuring Compliance With Applicable Laws and Regulations | Completed |
|---|---|
| Identify all applicable federal, state and local laws and regulations. | ☐ |
| Consider legal obligations based on the organization’s size, location and industry. | ☐ |
| Consult with legal counsel regarding applicable federal, state and local laws and regulations. | ☐ |
| Review current organizational policies and practices to determine whether they are consistent with all applicable federal, state and local legal requirements. | ☐ |
| Ensure the organization’s policies and practices comply with all applicable federal, state and local laws and regulations. | ☐ |
| Train personnel on all applicable legal requirements. | ☐ |
| Review the organization’s policies and practices regularly and update them as needed to ensure compliance with all applicable federal, state and local laws. | ☐ |
| Establishing Compliance Practices | Completed |
|---|---|
Perform a risk assessment of the organization’s current compliance activities in the following areas:
|
☐ |
| Establish a clear set of compliance policies and procedures to develop the framework for how the organization operates. | ☐ |
| Develop written policies or an employee handbook outlining laws, regulations and rules the organization and its employees must follow. | ☐ |
Assign a dedicated individual or a group of people to be responsible for overseeing and ensuring organizational compliance, including completing the following tasks:
While this individual or group may not have expertise or knowledge of all compliance functions, they are accountable for taking necessary steps to achieve compliance. This may include seeking guidance from local legal counsel. |
☐ |
Train managers and employees on applicable laws, regulations and policies, including how to do the following:
|
☐ |
| Audit and monitor the organization’s compliance practices consistently and regularly. | ☐ |
| Implement systems to track, report and mitigate compliance-related issues. | ☐ |
| Establish a corrective action plan to respond to compliance-related issues quickly and effectively when they arise. | ☐ |
| Follow up after responding to a compliance-related issue and take steps to ensure it does not reoccur. | ☐ |
| Update or establish new policies and procedures, if necessary. | ☐ |
| Provide employees with additional training to prevent future noncompliance, if necessary. | ☐ |
| Create a communication channel for employees to report ethical or legal concerns. | ☐ |
| Managing Compliance Practices | Completed |
|---|---|
| Create a compliance calendar to manage and track important dates and deadlines. | ☐ |
| Monitor government agencies’ websites regularly to stay informed of any changes. | ☐ |
| Establish a practice for staying up to date with changing federal, state and local compliance requirements. | ☐ |
| Subscribe to industry newsletters and blogs. | ☐ |
| Join professional associations related to the organization’s industry. | ☐ |
| Attend industry conferences. | ☐ |
| Leverage technology to manage and improve compliance efforts. Such technology may include payroll software, human capital management, an HR information system or an HR management system. | ☐ |
| Consider outsourcing compliance obligations to experts, including third-party vendors. | ☐ |
| Establish regular compliance reviews and audits. | ☐ |
| Hire legal counsel to help develop policies and procedures, establish compliance practices, advise on employee discipline and respond to government audits. | ☐ |
Successful compliance practices will differ based on the unique needs of an organization and applicable legal requirements. Regularly evaluating compliance practices and processes can help organizations ensure they follow applicable federal, state and local laws; identify any gaps in their processes; and adjust to avoid costly fines and penalties.
Contact TechServe Alliance today for more information about small business compliance.