Identification of Legal and Regulatory Risks: Gap Analysis with the Human Resources Department

Today we have a guest post from our colleague, Mary Shaddock Jones.

Several weeks ago I wrote a series of articles entitled “Suggestions for Starting a Regulatory Compliance Risk Assessment”.   One article in the series was “Identifying Key Legal/Regulatory Compliance Risks” facing your company.  As we all know, laws and regulations can and do change on a regular basis.  Keeping up with the myriad of changes can be a difficult task for compliance and legal departments- especially at smaller firms or companies.  This is why we suggested that you need to “divide” the company into various “Risk Centers” and identify the “Risk Owners” within each Risk Center.  Responsibility for monitoring and notifying the Legal/Compliance departments of any change in the legal/regulatory requirements should remain with the “Risk Owner”.

The first element of an effective compliance program under the U.S. Sentencing Guidelines is to have Established Policies and Procedures to protect and detect non-compliance with regulations. While the U.S. Sentencing Guidelines specifically target “criminal conduct”, companies would be wise not to limit their “risk assessment” or “gap analysis” to only criminal conduct. Most, if not all, companies possess a number of corporate policies that govern employee behaviors.  The person in charge of the Compliance function should first identify the policies that exist across the company utilizing a gap analysis to catalog the existence of corporate policies across the company, noting policy gaps and inconsistent application of policies across various locations.  The Risk Centers and Risk Owners, perhaps with the assistance of the Compliance Department, will be tasked with filling the gaps and standardizing conflicting polices.

In order to be compliant, you have to know what you have to be compliant with!   So how do you work with the “Risk Centers” and the “Risk Owners” to structure the identification of legal and compliance risks in a way that can be managed and utilized with some degree of ease? The answer is, in my opinion, with a lot of hard work and persistence by working department by department!  Let’s start the process by focusing on the Human Resources Department (“HR”).

There are numerous labor and employment laws (International, Federal, State and Local) which govern the relationship between companies and their employees. Here are a few questions that the Compliance Officer may pose to the HR department in order to perform a gap analysis regarding policies and procedures:

1. Does the HR department have an inventory of policies, procedures, laws and regulations covering employees and employment related matters applicable to the company’s business?
2. If yes, do you have a specified person who is in charge of updating the inventory?
3. If no, what system does the HR department utilize to ensure that it is aware of the various laws and regulations and has a process to comply with them?
4. What evidence would the HR department be able to produce to the government to support a finding that the company has a solid compliance program for applicable labor and employment laws and regulations?
5. What types of training are mandatory for all employees, which are optional and how does HR track and document completion?  How is the training performed? Is it provided in the native language of the employee or only in English?
6. What types of enforcement actions are predominate in the labor and employment arena? How does the HR department track such actions? (i.e. I-9’s and Independent Contractor designations, to name two items which appear to currently be under the microscope)
7. Are employees within the HR department specifically trained to understand compliance requirements applicable to the labor and employment arena?
8. Does the HR department provide senior management with periodic updates on the monitoring of results, key risks, and compliance violations within HR?
9. Has the HR department established some type of escalation criteria to ensure that high-risk issues are reviewed at the corporate level?
10. Does the HR department have compliance monitoring standards in place?  Does the HR department perform periodic audits to ensure that the policies and procedures are being complied with?

These are only a few of the questions that you may want to ask to begin the process of assessing what labor and employment laws and regulations apply to your company.  In addition, I am always looking for good resources so that I don’t have to recreate the wheel.  Here are two few that I found searching the internet that may be of assistance in identifying legal and regulatory requirements applicable to HR department.

1. “Getting The Deal Through Online”  http://www.gettingthedealthrough.com/  This website (free for in-house counsel according to the website) provides international guides to law and regulation in 45 practice areas and more than 100 jurisdictions.  One of the books published is entitled “Labour & Employment 2010”.  The book is written in a question and answer format addressing many common issues that arise in the employment setting. Each chapter focuses on one of the 41 jurisdictions highlighted- such as United States, Argentina, Australia, Brazil, China, Columbia, etc.
2. Employment-Labor Law Audit (ELLA®). According to the website of The Institute of Internal Auditors- the ninth edition of ELLA® is the nation’s leading HR auditing and employment practices liability risk assessment tool and process.

My final suggestion is to work with the HR (and possibly the Audit) department to have a consolidated “Human Resources Compliance Audit Checklist” that can be used to audit (and document) the company’s HR Compliance Program.

When in doubt, contact a good labor and employment attorney both in the U.S. and locally in whatever foreign country you are operating, and have them review the HR Compliance Audit Checklist.  Enlist their help in keeping you advised of changes in the applicable labor and employment laws which apply to your company.

The key to compliance, in my opinion, is having the proper structure to identify the issues, implement policies and procedures to address the issues, audit for compliance and document, document, document.

Mary Shaddock Jones, Attorney at Law and former Assistant General Counsel and Director of Compliance at Global Industries, Ltd. can be reached via email at  msjones@msjllc.com or via phone at 337-515-8527 .

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication.