Affordable Care Act? Lingering Dodd-Frank deadlines? Cyber security? With a daunting regulatory landscape, where should business leaders expect to focus their attention? Here's a look at the top regulatory concerns companies can be expected to face no matter what their industry.
Navigating Healthcare Reform
Although many of the reforms of the Affordable Care Act took effect by 2014, the massive overhaul continues to have implications for companies of all sizes. Ongoing requirements include new rules on flexible spending contributions, additional incentives to promote workplace wellness programs and new rules on how employers should apply the 90-day waiting period for health coverage for new employees.
Starting this year, employers with 100 or more full-time employees that do not offer affordable health insurance to those employees and their dependents may be required to pay an assessment if at least one of their employees received a premium tax credit to purchase coverage.
Additional requirements taking effect this year include:
- New reporting requirements for companies of all sizes that sponsor self-insured plans, with the first filing deadline in early 2016
- New requirements for information reporting for issuers, self-insuring employers and other parties that provide health coverage
- Additional withholding requirements on employee compensation that exceeds $200,000
If you have doubts about whether you're in compliance with any of the new or existing regulations, now is the time to review your policies and make changes.
Data and Privacy Protection in Technology
With the ability to pay for a purchase or access a coupon with the swipe of a smartphone, consumers have more options to engage with companies than ever before--and companies have an even greater burden of keeping their data secure.
In light of massive data breaches experienced by retailers like Target and Home Depot, President Barack Obama is trying to resurrect a "Consumer Privacy Bill of Rights" designed to empower consumers to have a say in how companies harvest and sell the information they leave behind through online interactions.
In light of these proposed regulations and the growing threat of data breaches, your company can no longer afford to leave data management to the IT department alone. You'll need a professional with cyber security expertise to evaluate your existing infrastructure and data policies to ensure you aren't putting customer or company assets at risk.
If you thought the Dodd-Frank Act only applied to financial services, you could be in for a rude awakening this year. Dodd-Frank's corporate responsibility provisions extend to public companies of all sizes. And if you're a private company, don't be surprised if your investors start demanding you to enact them.
These provisions include requirements to give shareholders non-binding advisory votes on executive compensation and payouts made in connection with a merger or acquisition. Companies are also now required to disclose the ratio between the CEO's total compensation and the median compensation for all other employees.
The Dodd-Frank Act also enhanced whistleblower requirements and empowered the Securities and Exchange Commission to financially reward whistleblowers. The SEC has shown no hesitation to use the new authority, announcing a host of rewards including a $30 million payout to a single informant, the largest one to date.
It's just one more reminder that all companies, whether public or private, need to educate employees on what constitutes a violation and how to report it. They'll also need to make sure they have an appropriate system in place to receive, investigate and respond to anonymous tips.
Third-Party Anti-Corruption Compliance
You might have assumed federal and international anti-corruption laws didn't apply to you if you're a small or mid-sized company. However, if you're doing business with larger companies that have a global presence, don't be surprised if one of your clients asks to see your code of ethics and compliance.
The U.S. Department of Justice has been vigilant about cracking down on companies that violate the Foreign Corrupt Practices Act and holding them accountable even if a third-party vendor was ultimately responsible. Smith & Wesson, Hewlett-Packard and Alcoa are among the list of companies that paid millions of dollars in fines and suffered serious reputation damage in the past year due to corrupt practices, and all were at the hands of a third party.
In the coming year, companies are taking more proactive steps to evaluate their third-party corruption risks and implement appropriate controls. If your business is part of the supply chain or a service provider for a public and/or global company, that customer may require your business to comply with the same complex regulations despite your business size.
Protecting Your Reputation And Your Bottom Line
Navigating the intricacies of ACA, Dodd-Frank, and anti-corruption law requires a compliance-minded leader with the foresight to anticipate risk and the authority to enforce strong protections.
In the past, smaller companies may not have considered hiring a chief compliance officer until after they were hit with a hefty fine, on the verge of a global expansion, or missed out on a contract due to lack of a compliance program. Today, more companies are seeing the value of hiring someone to protect their most important data assets, their reputation and their bottom line. Digital currency exchange itBit and Airbnb are two fast-growing companies that recently made headlines for hiring a chief compliance officer for the first time.
We can expect to see many more small businesses funneling money into compliance efforts in the coming year as regulatory concerns weigh heavily on the minds of executives, especially those at the helm of non-traditional companies.
John Gilmore, founder and managing partner of legal recruiting firm BarkerGilmore, says compliance is going to remain a primary concern in board rooms for companies of all sizes and across all industries in 2015. He says he sees it every day.
"Since most companies have limited experience hiring compliance officers who are fully aware of today's regulatory landscape, the recruitment process can be a daunting or challenging task," Gilmore said. With the added complexity of supply and demand in the talent pool, companies are turning to experts to guarantee a high-quality hire is made in a timeframe that meets the needs of the company.
John's advice to companies seeking a high level compliance professional is to be prepared to execute a formal search process and don't expect to take any shortcuts. Companies hiring a CCO for the first time should focus on clearly defining the necessary competencies and asking the right questions during initial interviews, he said.
The broad disparity of skills among compliance professionals and the consequences associated with selecting the wrong candidate add to the importance of the recruitment process. Be prepared early in the recruitment process to work around roadblocks; have a frank discussion with the finalist about a counteroffer. If you have identified someone truly qualified, their present employer will not easily accept their resignation.
As you finalize your operating budget for this year, take time to assess your regulatory risks and determine whether you have the appropriate infrastructure and staff in place to mitigate them. Your risk profile and risk tolerance will be unique to your company, but some risks are universal. Your reputation and future business success are on the line.