Compliance Requirements Every Business Must Follow
In order to legally operate, businesses must comply with certain requirements regarding the company’s transactions, labor practices and safety procedures. Before launching your business, you should know the regulations that apply to your industry and keep a log of any costs and dates related to complying with them.
Compliance regulations can be divided into two categories: internal and external. Internal compliance measures are typically required by state governments for certain business entities (e.g. corporations, LLCs, etc.); they are formed and enforced internally by a company’s upper staff. External compliance refers to those requirements imposed and enforced by a state or federal authority.
Internal Requirements for Business Operations
Corporations have strict internal requirements, which consist of forming a board of directors, conducting initial and annual director meetings, creating and updating bylaws, providing stock to shareholders and transcribing all stock transfers.
Other small businesses, including LLCs, do not have the same requirements as corporations, but each is strongly advised to keep clear and updated records of business transactions as well as any relevant changes in operations or adjustments to standards. Document templates and compliance kits (which can contain sample bylaws or an operating agreement, stock certificates, seals and sample meeting minutes) can assist in organizing and fulfilling your internal compliance requirements.
Internal requirements are largely meant to ensure that a corporation is being run with integrity and free of corruption or other corrupting elements. Some parts of the business, such as stock sales, will be governed by external compliance requirements as well.
External Government Requirements
External requirements for corporations are sanctioned by the state in which you are incorporated and those in which you conduct business. External requirements typically include the following:
- Annual statement or report. Many states require corporations and LLCs to submit annual reports so they can keep clear records regarding these entities. A biennial statement may also be mandated by some states. A fee is generally required with a statement or report submission, typically ranging from $10 to over $300.
- Franchise tax. Some states require corporations or LLCs to pay a fee to operate, which is usually called a franchise tax. The amount depends on the state collecting it and is determined through formulas based on varying criteria, such as annual revenue collection or the number of shares issued by a company at par value.
Due dates and fees for reports vary from state to state, so be sure to look up regulations in the states where you plan to operate. Note that some states, including California and Nevada, require an initial report to be submitted with a fee a few months after incorporation.
Fines and Consequences for Non-Compliance
Since internal requirements are meant to ensure the optimum and ethical operation of a corporation, it is up to the executive, managerial and board staff members to determine appropriate penalties for a given violation. Common penalties are likely to include various reprimands or probation followed by dismissal for subsequent infractions.
For external requirements, penalties are imposed by state authorities and can range from minuscule amounts to very serious consequences. As with fees and requirements, the fines and types of penalties will vary from state to state. Generally, if external requirements are not met, a business can be deemed to be “piercing the corporate veil,” which eliminates the organization’s limited liability protection and makes the business owner(s) directly responsible for damages and losses should a lawsuit be brought against the company. It is in a company’s best interest to follow requirements and remain in “good standing.” If not, a late fee or interest payment could be enforced. If a company stays out of “good standing” for too long, administrative dissolution could result, which strips a company of its LLC or corporation advantages.
For example, in California, LLCs are responsible for filing an annual statement of information. The usual fee for submitting this statement is $25. But if the LLC misses the filing date, the Secretary of State office can add an additional $25 late fee per day, up to a maximum of $1,500. Further delinquency can eventually trigger the suspension of the business entirely. If a business in California is suspended, it loses all rights to operate as the type of business entity it initially formed and cannot conduct business in the state. Additionally, under California state law, any contracts that were formed by a suspended company are voidable.
While the regulations mentioned above are applicable to all businesses, there are notable industries that are governed by additional compliance requirements. The Occupational Safety & Health Administration is responsible for ensuring the safety of workers across all industries, and it offers informative primers to facilitate compliance for organizations within those industries.
Suggestions for Internal Compliance
If you’re looking for guidance on forming your own company’s internal compliance list, one good example is the Health Insurance Portability and Accountability Act (HIPAA). While HIPAA’s requirements were meant only for the healthcare industry, they touch upon many areas that are applicable to any business, and they give a good template that any business can use when forming its own internal compliance plans:
1. Physical Entrance Policies
Your company should have a recorded statement that outlines which individuals or positions have access to varying physical facilities.
2. Virtual Access
Your business should designate who can access your servers, networks, programs and other data.
3. Password Protection
There should be an explanation of your company’s password requirements, including character specifications, frequency of password changes, blocks after unsuccessful login attempts and overall guidelines as to how employees should handle their passwords.
4. Security Updates
Employees should be equipped with security information. This information dissemination should begin with the hiring process and continue throughout the employee’s time with the organization. The business should also update employees regularly with any pertinent security notifications, such as potential bugs and attacks.
5. Virus Protection
Your organization should go beyond simply requiring employees to have antivirus programs on their systems. You should also outline how employees should react if a virus is detected and how employees can protect their systems from viruses.
6. Emergency Response
Employees should be provided with instructions for various types of emergencies, ranging from small server issues to major natural disasters.
7. Business Continuity
Business continuity outlines how critical business matters will continue to be conducted during emergencies.
8. Media Removal
A detailed explanation of how and when media is removed from the company’s systems should be in place.
9. Risk Analysis
A risk analysis and management program should encompass how risks are recognized and the action plans that will mitigate that risk.
10. Audits and Reviews
All items on this list must be auditable, demonstrating that your company is actually carrying out the necessary processes and reviewing them regularly.
As always, do your own research in advance to ensure that your company follows the proper laws governing your business. When the threat of noncompliance begins with $25 and ends with suspension, it’s undoubtedly better to be safe than sorry.
Lori Weiss is an MBA graduate who specializes in marketing and outreach.