Local, state, and federal regulation changes that could impact your policy management (and how to keep up with them)

Mitratech Holdings, Inc

From labor codes and workplace safety regulations to cyber security reporting requirements, see the latest updates that may have an effect on your policy management strategy.

In the ever-changing landscape of the modern workplace, where remote teams span the globe, businesses face new challenges when it comes to ensuring they stay up to date with changing regulations. The fact is, companies must comply with federal law, the laws of the state where they are headquartered, and the laws of every state in which they have remote employees.

This entails navigating a complex web of statutes, each with its own nuances, requirements, and interpretations. For example, in the wake of #MeToo, many states made significant changes, like requiring companies to include specific content within their sexual harassment policies. Not only are there 11 states with very specific sexual harassment policy requirements, but some cities have even made updates that must be recognized by companies as well. And beyond the world of employee-related compliance, risk professionals track changes such as the Securities and Exchange Commission’s (SEC) July updates on the disclosure of cybersecurity incidents, risk management, and governance for public companies (including foreign private issuers), which forced many organizations to rethink their approach to reporting and incident remediation.

Businesses must diligently research, interpret, and understand the diverse laws that govern employment relationships and organizational compliance, from data privacy and ESG to things like sexual harassment laws, labor codes, wage and hour laws, discrimination statutes, workplace safety regulations, and more. Failure to comply with any of these regulations can lead to legal ramifications, fines, reputational damage — the list goes on.

Now, once you’ve wrapped your head around the web of regulations, you’re not in the clear. The real challenge lies in maintaining compliance. Laws change frequently, and with a growing number of employees spread across different locations — alongside shifting federal requirements — the odds of needing policy updates are higher than ever. That’s where the ongoing task of monitoring, updating, and communicating policy changes becomes crucial. It’s a never-ending game, but one you must play to keep your business on the right side of the law.

Today, policy management means staying flexible and using technology to keep up with changes. Regulations shift, work setups change, so your strategy – and technology – must be dynamic.

Which local, state, and federal regulation updates should you have on your radar?

When auditing your company’s current degree of policy compliance, a short checklist can help make sure that you are organized:

The following vary by nation, state, and even sometimes city.

If you are tracking the updates to regulations that affect company employees and human resources, you must stay up to date with regulations like:

  • Sexual Harassment and EEO Policies
  • Protected Characteristics
  • Accommodations
  • Marijuana Laws
  • Incident Reporting
  • Wage and Hour
    • Overtime, meal, and rest breaks
  • Leave Laws such as:
    • Family leave, Medical leave, and state-paid FMLA
    • Vacation and sick leave (which operates largely on the state level)
    • Voting and election official leave
    • Domestic violence leave
    • Crime victim and witness duty leave
    • Jury duty leave
    • Bereavement leave (new laws in Illinois and Washington accommodate miscarriages and infant death)
    • Parental leave
    • Organ, bone marrow, and blood donor leave
    • School activities leave
    • Military leave
    • Volunteer civil service and emergency responder leave

Keeping up with these changing policies – especially in a world where employees are spread far and wide – requires more than just a basic understanding of regulation shifts. It also entails a geographically determined onboarding process for new hires, so that they understand their rights and responsibilities from day one.

If you are a risk compliance professional, the regulatory requirements on your radar might include:

  • ISO 27001
  • SOC 2
  • SS1/22 & SS2/22
  • COBIT
  • NIST
  • CCAR
  • SR 11-7
  • DFAST
  • SOX
  • TRIM & More

It’s a lot to keep track of, and without the right technology in place to monitor, manage, and mitigate risk, companies run the chance of falling behind on current regulations. But with a strong policy management platform, governance, risk and compliance professionals can automate their processes such that changing regulations are never a surprise, and the right policies are sent to the right people from day one of hire.

Using technology to monitor, manage, and mitigate risk

By keeping your compliance automated and electronically centralized, policy management platforms create an auditable account of both policy updates and attestation — which becomes crucial information if litigation ever arises. Without a centralized location that proves your compliance from day one, it can be difficult to validate compliance in court; with a centralized location, your company’s risk team has a bird’s eye view and automation to ensure that the right policies are always in place, updated both annually and as relevant regulations change or get introduced.

Ultimately, policy management is neither just a strategy nor is it just a technology: it combines both to fill gaps and create a consistent approach to changes in the regulatory landscape.
