Compliances  are structured  in Good 

Manufacturing Practices (GMP) principles:

    Product safety

    Health, safety, and environmental impact

    Data protection

    Export controls

    Anti-corruption

    IT safety and security

    Fair competition

    Employment law (Social compliances SA8000)

Compliance regulations  are divided into two categories: internal and external. Internal compliance measures are typically required by state governments for certain business entities (e.g. corporations, LTD  etc.); they are formed and enforced internally by a company’s upper staff. External compliance refers to those requirements imposed and enforced by a state or federal authority.

Internal Requirements for Business Operations

Corporations have strict internal requirements, which consist of forming a board of directors, conducting initial and annual director meetings, creating and updating bylaws, providing stock to shareholders and transcribing all stock transfers.

Other small businesses, including LTDs, do not have the same requirements as corporations, but each is strongly advised to keep clear and updated records of business transactions as well as any relevant changes in operations or adjustments to standards. Document templates and compliance kits (which can contain sample bylaws or an operating agreement, stock certificates, seals and sample meeting minutes) can assist in organizing and fulfilling your internal compliance requirements.

Internal requirements are largely and important for clients ,meant to ensure that a corporation is being run with integrity and free of corruption or other corrupting elements. Some parts of the business, such as stock sales, will be governed by external compliance requirements as well.

External Government Requirements

External requirements for corporations are sanctioned by the state in which you are incorporated and those in which you conduct business. External requirements typically include the following:

    Annual statement or report. Many states require corporations and LLCs to submit annual reports so they can keep clear records regarding these entities. A biennial statement may also be mandated by some states. A fee is generally required with a statement or report submission, typically ranging from $10 to over $300.

    Franchise tax. Some states require corporations or LTDs to pay a fee to operate, which is usually called a franchise tax. The amount depends on the state collecting it and is determined through formulas based on varying criteria, such as annual revenue collection or the number of shares issued by a company at par value.

    The Fair Labor Standards Act. All corporations and LTDs are required to comply with the Fair Labor Standards Act (FLSA). The FLSA establishes the minimum wage, overtime pay, and recordkeeping standards for full- and part-time workers in the United States. FLSA requirements can vary by state, so business owners should be aware of these requirements and take the necessary steps to comply.

Due dates and fees for reports vary from state to state, so be sure to look up regulations in the states where you plan to operate. Note that some states, including California and Nevada, require an initial report to be submitted with a fee a few months after incorporation.

Fines and Consequences for Non-Compliance

Since internal requirements are meant to ensure the optimum and ethical operation of a corporation, it is up to the executive, managerial and board staff members to determine appropriate penalties for a given violation. Common penalties are likely to include various reprimands or probation followed by dismissal for subsequent infractions.

For external requirements, penalties are imposed by state authorities and can range from miniscule amounts to very serious consequences. As with fees and requirements, the fines and types of penalties will vary from state to state. Generally, if external requirements are not met, a business can be deemed to be “piercing the corporate veil,” which eliminates the organization’s limited liability protection and makes the business owner(s) directly responsible for damages and losses should a lawsuit be brought against the company. It is in a company’s best interest to follow requirements and remain in “good standing.” If not, a late fee or interest payment could be enforced. If a company stays out of “good standing” for too long, administrative dissolution could result, which strips a company of its LLC or corporation advantages.

For example, in China, LTDs are responsible for filing an annual statement of information. If you mssig to fill out the tax form delinquency can eventually trigger the suspension of the business entirely. If a business in China is suspended, it loses all rights to operate as the type of business entity it initially formed and cannot conduct business in the state. Additionally, under China state law, any contracts that were formed by a suspended company are voidable.

Industry-Specific Requirements

While the regulations mentioned above are applicable to all businesses, there are notable industries that are governed by additional compliance requirements. The Occupational Safety & Health Administration is responsible for ensuring the safety of workers across all industries, and they offer informative primers to facilitate compliance for organizations within those industries.

Suggestions for Internal Compliance

If you’re looking for guidance on forming your own company’s internal compliance list, one good example is the Health Insurance Portability and Accountability Act (HIPAA). While HIPAA’s requirements were meant only for the healthcare industry, it touches upon many areas that are applicable to any business, and it gives a good template that any business can use when forming their own internal compliance plans:

1. Physical Entrance Policies

The company should have a recorded statement that outlines which individuals or positions have access to varying physical facilities.

2. Virtual Access

The business should designate who can access your servers, networks, programs and other data.

3. Password Protection

There should be an explanation of your company’s password requirements, including character specifications, frequency of password changes, blocks after unsuccessful login attempts and overall guidelines as to how employees should handle their passwords.

4. Security Updates

Employees should be equipped with security information. This information dissemination should begin with the hiring process and continue throughout the employee’s time with the organization. The business should also update employees regularly with any pertinent security notifications, such as potential bugs and attacks.

5. Virus Protection

The  organization should go beyond simply requiring employees to have antivirus programs on their systems. You should also outline how employees should react if a virus is detected and how employees can protect their systems from viruses.

6. Emergency Response

Employees should be provided with instructions for various types of emergencies, ranging from small server issues to major natural disasters.

7. Business Continuity

Business continuity outlines how critical business matters will continue to be conducted during emergencies.

8. Media Removal

A detailed explanation of how and when media is removed from the company’s systems should be in place.

9. Risk Analysis

A risk analysis and management program should encompass how risks are recognized and the action plans that will mitigate that risk.

10. Audits and Reviews

All items on this list must be auditable, demonstrating that your company is actually taking action to undergo the necessary processes and reviewing them regularly.

Social compliances according SA8000 

As corporations and businesses become larger and more profitable, there is a growing focus on social responsibility in global commerce. Customers and clients are also becoming much more socially aware and it’s important that factories are maintaining the social rights of their employees. This is where a social compliance audit comes in.

Social compliance refers to the way in which a company treats its employees and represents the minimum code of conduct when it comes to areas such as working hours, working conditions and remuneration.

Social compliance audits are common in China to ensure that a partner is abiding by its responsibilities to their business and its employees. The audits are conducted by experienced professionals and are conducted in line with the SA8000 standard, which is an international benchmark. This standard takes a long-term view of social compliance and encourages consistency. It encourages organisations to develop, maintain and apply socially acceptable practices.

Generally, the main areas that are investigated during a SA8000 social compliance audit are:

    Freedom of association – the right to join trade unions and bargain collectively

    Working hours – compliance with laws and industry standards regarding maximum working hours

    Discrimination – no discrimination when it comes to hiring, remunerating, training, promotion and termination

    Wages – remuneration should at least meet minimum legal wages with appropriate overtime rates

    Child labour – no use of children in the labour force or supporting this practice

    Forced labour – no compulsory labour, no salary withholding, and allowing employees to terminate employment

    Disciplinary practices – no abuse of employees

    Health and safety – provide a safe and healthy workplace with medical attention and hygiene standards

The social compliance audits are usually done via a combination of thorough facility inspections and walkthroughs, detailed documentation reviews and comprehensive interviews with employees and even management.

Social compliance audits are therefore a good way to ensure you are not contributing to environmental or social harm, even if it is inadvertently. Because this is becoming such an important factor in China, many factories have been known to employ consultants to help them pass audits with minimal effort as they simply want to appear to be compliant rather than actually maintain long-term compliance. However, it’s important to ensure that real changes and consistent practices are implemented to create lasting compliance. Regular audits and quality assurance checks will help ensure that a culture of quick or temporary fixes is uncovered and hopefully rectified.

For many global businesses, integrating a social compliance audit into the entire supply chain is a good practice as the risks of being associated with a business or factory that does not meet these standards can be very high. For example, you wouldn’t want to be listed on the China Labour Watch list, which names and investigates businesses that employ factories with poor standards. This can severely affect your supply chain and cause heavy, lasting damage to your reputation. This is a concern that is not limited to just large businesses but also smaller operators.