
Compliance Programs - Key Considerations

When businesses are thinking about building their compliance programs, they need to consider various components including corporate, commercial, intellectual property, employment, anti-bribery & corruption, anti-slavery & human trafficking and data protection matters. In this short blog, we’ve outlined certain key considerations to take into account and listed them under the relevant component.


Corporate

  • Review Board of Directors and committee minutes.

  • Review Board of Directors committee structure and committee charters.

  • Review corporate structure, including affiliates and joint ventures.

  • Review governance-related policies, including conflicts and ethics.

  • Review insurance coverage.

  • Consider excess benefit transactions.

  • Review political campaign activities.

  • Determine related organisations and their activities.

  • Access to loans and equity investments, including program-related investments.

  • Consider government grants and contracts.

  • Lobbying registration and disclosure.

  • Assess employment taxes and workers compensation.

  • Consider export controls.

  • Review whether corporate registration and/or filings should be undertaken in other jurisdictions.

  • Verify that all corporate filings, including annual reports, have been made.

  • Document communications with HMRC.

  • Review tax-exempt status, including HMRC determination letter.

  • Consider unrelated business income.

  • Record and consider foreign bank accounts and legal implications.

  • Determine sales, excise and franchise taxes.


Commercial

  • Determine a policy for internal contract review, external review by counsel and execution of contracts.

  • Determine whether there are business relationships not covered by a written agreement.

  • Determine whether there are contracts with related parties and whether there was compliance with procedures for disclosing conflicts of interest.

  • Verify compliance with representations and warranties.

Intellectual property

  • Review policy for links to/from other sites.

  • Determine whether consents have been obtained for the use of content and website links.

  • Determine whether domain names infringe on another organisation’s trademarks or service marks.

  • Review website and review procedures for content monitoring.

  • Determine whether other proprietary information should be protected.

  • Consider that grants are likely to include intellectual property provisions on allocation of rights and requirements for protection of rights.

  • Review licenses, contracts and other agreements relating to IP and computer software to which the organisation is a party or a third-party beneficiary.

  • Review policies and third-party agreements relating to non-disclosure of confidential information and ownership of intellectual property created by employees and contractors.

  • Review procedures for maintaining confidentiality of trade secrets.

  • Verify status of trademarks, trade names, domain names, and copyrights.


Employment

  • Review job application form, standard job posting and recruiting materials.

  • Review procedures and practices for use of temporary workers.

  • Review whether individuals are properly classified as employees and independent contractors.

  • Review employment contracts and letter agreements.

  • Consider option provisions and dates for exercise.

  • Review compliance with requirements for documentation of citizenship of employees.

  • Review compliance with laws prohibiting various forms of discrimination.

  • Review employee manuals, handbooks and policies.

  • Review policies re public statements and speaking to the media.

  • Review existing tax qualified benefit plans.

  • Review fringe benefits.

  • Review non-qualified deferred compensation plans.

  • Review procedures and practices for terminating employees.

  • Review severance plans or policies.

  • Review recordkeeping for compliance purposes.

Anti-bribery & corruption

  • Put in place a governance charter and committee.

  • Complete a risk assessment.

  • Put in place policies and procedures on anti-bribery and corruption, gifts and entertainment, corporate hospitality and charitable giving.

  • Draft a supplier code of conduct/attestation for all third parties (including partners).

  • Complete ongoing monitoring and due diligence on all third parties.

  • Conduct training for all staff.

  • Conduct a review of compliance with economic sanctions.

Anti-slavery & human trafficking

  • Put in place a governance charter and committee.

  • Complete a risk assessment.

  • Put in place policies and procedures on anti-slavery and human trafficking in the supply chain.

  • Create a website transparency statement on anti-slavery and human trafficking compliance.

  • Draft a supplier code of conduct/attestation for all third parties (including partners).

  • Complete ongoing monitoring and due diligence on all third parties.

  • Conduct training for all staff.

Data protection

  • Identify whether to appoint a Data Protection Officer.

  • Compile and update a data register regularly (including all types of personal data and lawful bases).

  • Identify if a local representative is required and appoint one.

  • Review all data transfers and put in place appropriate mechanisms for the transfers.

  • Register with the appropriate data protection supervisory authorities.

  • Put in place the following notices, policies and procedures: privacy notices, cookies notice, data protection policy, data protection impact assessments procedure, data subjects’ rights policy, data breach policy and data retention policy.

  • Compile and review all contractual relationships to ensure compliance (e.g., employees, contractors, data processors etc.).

  • Consider approach to direct marketing practices.

  • Conduct training for all staff.

  • Put in place technical controls to ensure data is protected.

  • Assess/verify policies, procedures and notices against technical controls.

Need help in building or further developing your compliance programs? Get in touch with our team at

General Update by Lindsay Healy and Puja Modha, Partners at Aria Grace Law
