1. What is a compliance plan and why should a business have one?
A compliance plan is a review of your business to ensure that it is (1) compliant with all laws applicable to it and (2) designed in a way that protects the business owner from needless litigation.
Implementing a compliance plan is a sound business practice that may save you money. Being compliant with all applicable laws will avoid unnecessary costs and needless government intrusions, which could shut down your business either temporarily or indefinitely. Structuring your business plan in a certain way can avoid legal costs spent in defending potential civil lawsuits or regulatory investigations, which may lead to criminal investigations in the future.
2. What are some examples of laws that require compliance plans?
The Gramm-Leach-Bliley Act (GLB), the Health Insurance Portability and Accountability Act (HIPAA), the Fair and Accurate Credit Transactions Act (FACTA), Sarbanes-Oxley (SOX) and the Patriot Act are some examples of the most recent compliance laws implemented by the federal government. GLB, HIPAA and FACTA were created to protect information. GLB concentrates on financial institutions, HIPAA relates to health care providers, and FACTA regulates consumer reporting agencies. SOX is a law that primarily attempts to hold upper-level management accountable for the accurate and truthful reporting of the financial state of a company or business. Although SOX compliance is implemented through the assistance of legal counsel, it is executed, in most instances, by accounting firms or auditors.
Since the Patriot Act is a topic of much conversation these days and serves as a great example of regulation which affects many without their knowledge, I will elaborate further on this controversial law. The Patriot Act was created primarily to 1) expedite law enforcement’s ability to investigate terrorism; and 2) prevent the funding of terrorism. Consequently, the first question usually asked by someone inquiring about the Patriot Act is “Why should I care about that? I’m not a terrorist and I certainly don’t give money to terrorists!” Although right on both counts, one may be caught in the web of the Patriot Act without even realizing it.
Many who are aware of the Patriot Act believe it only relates to banks or lending institutions, and that it only analyzes monetary transactions. That is not the case. Examples of other businesses also caught under its regulation are operators of credit card systems; insurance companies; dealers in precious metals, stones or jewels; pawnbrokers; loan or finance companies; travel agencies; businesses engaged in vehicle sales; and persons involved in real estate closings and settlements. Besides monetary transactions, the Patriot Act also covers, among other things, the type of good or service provided by a company and how businesses hire employees and choose vendors.
To add to the confusion, laws like the Patriot Act and legislation resulting from it have made it so that a business now has to worry about multiple governmental agencies, who do not communicate with one another, sometimes regulating the same aspect of your business. That means that these laws have substantially raised the probability that a business may consistently suffer absurd intrusion from multiple government agencies on one issue.
3. Aren’t compliance plans for companies that may deal with questionable or unethical businesses, criminals or are themselves criminals?
Not at all. One of the most perplexing issues for businesses to deal with is the fact that laws in place today sometimes make legal conduct illegal. Compliance plans are insurance that, should some problem surface in your business, proof exists that your business was trying to do the right thing by having a compliance plan in place. Part of the problem in conducting business has always been dealing with regulation from many different entities, each of which has its own investigative arm and set of regulations to follow. The events of 9/11 have brought new players like the Department of Homeland Security to issues that may previously have been covered only by the Department of Customs or the Office of Export Enforcement. This means you may have multiple law enforcement agencies intruding on your business. A compliance plan is welcomed by law enforcement and usually deters further investigation and intrusion, which will save you money and stress. One can think of a compliance plan as an early exit strategy from extensive regulation.
4. What is the first step in designing a compliance plan and how long does it take to implement?
We would meet with you for a free consultation to discuss the type of business you have and what makes sense for you. The consultation can either take place in person or over the telephone. However, appointments in person are advisable if you wish to properly evaluate us and bring documentation to be reviewed. The length of time it takes to implement a compliance plan will vary from weeks to months depending on the scope of the plan and the size of the business.
5. How much does it cost to create a compliance plan?
The fees are based on the size of your business and the scope of the work you want reviewed. For example, the higher fees are related to international companies with multiple branches of business that will require substantial analysis as to all aspects of the business. The smaller the business, the less there is to review, thus the lower the fee.