Compliance Programs - Key Considerations

When businesses are thinking about building their compliance programs, they need to consider various components including corporate, commercial, intellectual property, employment, anti-bribery & corruption, anti-slavery & human trafficking and data protection matters. In this short blog, we’ve outlined certain key considerations to take into account and listed them under the relevant component.


Corporate

  • Review Board of Directors and committee minutes.

  • Review Board of Directors committee structure and committee charters.

  • Review corporate structure, including affiliates and joint ventures.

  • Review governance-related policies, including conflicts and ethics.

  • Review insurance coverage.

  • Consider excess benefit transactions.

  • Review political campaign activities.

  • Determine related organisations and their activities.

  • Access to loans and equity investments, including program-related investments.

  • Consider government grants and contracts.

  • Lobbying registration and disclosure.

  • Assess employment taxes and workers compensation.

  • Consider export controls.

  • Review whether corporate registration and/or filings should be undertaken in other jurisdictions.

  • Verify that all corporate filings, including annual reports, have been made.

  • Document communications with HMRC.

  • Review tax-exempt status, including HMRC determination letter.

  • Consider unrelated business income.

  • Record and consider foreign bank accounts and legal implications.

  • Determine sales, excise and franchise taxes.

Commercial

  • Determine a policy for internal contract review, external review by counsel and execution of contracts.

  • Determine whether there are business relationships not covered by a written agreement.

  • Determine whether there are contracts with related parties and whether there was compliance with procedures for disclosing conflicts of interest.

  • Verify compliance with representations and warranties.

Intellectual property

  • Review policy for links to/from other sites.

  • Determine whether consents have been obtained for the use of content and website links.

  • Determine whether domain names infringe on another organisation’s trademarks or service marks.

  • Review website and review procedures for content monitoring.

  • Determine whether other proprietary information should be protected.

  • Note that grants are likely to have intellectual property provisions, including provisions on the allocation of rights and requirements for the protection of rights.

  • Review licenses, contracts and other agreements relating to IP and computer software to which the organisation is a party or a third-party beneficiary.

  • Review policies and third-party agreements relating to non-disclosure of confidential information and ownership of intellectual property created by employees and contractors.

  • Review procedures for maintaining confidentiality of trade secrets.

  • Verify status of trademarks, trade names, domain names, and copyrights.

Employment

  • Review job application form, standard job posting and recruiting materials.

  • Review procedures and practices for use of temporary workers.

  • Review whether individuals are properly classified as employees and independent contractors.

  • Review employment contracts and letter agreements.

  • Consider option provisions and dates for exercise.

  • Review compliance with requirements for documentation of citizenship of employees.

  • Review compliance with laws prohibiting various forms of discrimination.

  • Review employee manuals, handbooks and policies.

  • Review policies regarding public statements and speaking to the media.

  • Review existing tax qualified benefit plans.

  • Review fringe benefits.

  • Review non-qualified deferred compensation plans.

  • Review procedures and practices for terminating employees.

  • Review severance plans or policies.

  • Review recordkeeping for compliance purposes.

Anti-bribery & corruption

  • Put in place a governance charter and committee.

  • Complete a risk assessment.

  • Put in place policies and procedures on anti-bribery and corruption, gifts and entertainment, corporate hospitality and charitable giving.

  • Draft a supplier code of conduct/attestation for all third parties (including partners).

  • Complete ongoing monitoring and due diligence on all third parties.

  • Conduct training for all staff.

  • Conduct a review of compliance with economic sanctions.

Anti-slavery & human trafficking

  • Put in place a governance charter and committee.

  • Complete a risk assessment.

  • Put in place policies and procedures on anti-slavery and human trafficking in the supply chain.

  • Create a website transparency statement on anti-slavery and human trafficking compliance.

  • Draft a supplier code of conduct/attestation for all third parties (including partners).

  • Complete ongoing monitoring and due diligence on all third parties.

  • Conduct training for all staff.

Data protection

  • Identify whether to appoint a Data Protection Officer.

  • Compile and update a data register regularly (including all types of personal data and lawful bases).

  • Identify if a local representative is required and appoint one.

  • Review all data transfers and put in place appropriate mechanisms for the transfers.

  • Register with the appropriate data protection supervisory authorities.

  • Put in place the following notices, policies and procedures: privacy notices, cookies notice, data protection policy, data protection impact assessments procedure, data subjects’ rights policy, data breach policy and data retention policy.

  • Compile and review all contractual relationships to ensure compliance (e.g., employees, contractors, data processors).

  • Consider approach to direct marketing practices.

  • Conduct training for all staff.

  • Put in place technical controls to ensure data is protected.

  • Assess/verify policies, procedures and notices against technical controls.

Need help in building or further developing your compliance programs? Get in touch with our team at compliance@aria-grace.com.


General Update by Lindsay Healy and Puja Modha, Partners at Aria Grace Law