Business Compliance Tips

Confirm your business is in “Good Standing”. Periodically checking and ensuring your business is in good standing is important. This is a document issued by the state that says you are cleared to run your business. Essentially, it’s a document that shares the compliance status of a business.

It’s smart to have this certificate on hand; it will save you time since lenders and other states may require it if you want to do business with them. You may also acquire various fees if you do not have it.

A Certificate of Good Standing, also called a “Certificate of Existence” or “Certificate of Authorization,” “Certificate of Fact” (name may vary by state) is a state-issued document that shows that your corporation or limited liability company (LLC) has met its statutory requirements and is authorized to do business in that state. Think of it as a kind of ‘snapshot’ of your business’s compliance status.

Among other things, a Certificate of Good Standing confirms that your business:

• Is up-to-date on its state fee payments
• Has filed an annual report
• Has paid its franchise taxes

There’s a good chance you’ll need to secure a Certificate of Good Standing from time to time during the life of your business. Many companies request a Certificate of Good Standing occasionally for their own records. A Certificate of Good Standing may also be required by:

• State governments, if you’re applying for foreign qualification there
• Lenders, when you’re trying to obtain financing
• Banks, for certain transactions
• Potential business partners or investors

You may need to present your Certificate of Good Standing in order to renew specific licenses or permits, and a Certificate of Good Standing is also important evidence when it comes time to sell your business. In addition, if you are looking to register to do business in additional states, those states may ask for a copy of your Certificate of Good Standing.

1. Gain access to a reliable, trusted Legal Firm and meet with them regularly
2. Conduct an annual review with your CPA
3. Stay Informed as the business owner; there are tons of reasons we may give for falling behind, but if you want to see success, you will not make excuses. It is our responsibility to keep up with every new update and make sure to apply it to what we’re doing.
4. Refer to your city and state websites periodically for new announcements;
5. Sign up for updates– Sign up for updates on the law-creating entity or enforcement websites to ensure your information is direct from the source.
6. Automate where possible-small businesses may not have the know-how or the resources to stay up-to-date with changing laws. Look to automation and experts.
7. Adopt a regulatory Change Management Process-this is required to implement and enforce compliance within the organization. This program ensures that all instructions are complied with and that breaches of the rules can be identified quickly. The objective of this process is to implement and maintain a transparent, unmistakable and clearly understandable culture of compliance.
8. Keep an Open Mind– These days, there is no one way of doing things, and everything should remain fluid. Adjust and pivot accordingly while staying true to the essence of your business and your core.

Source: Forbes Business Council

• Login credentials
• Credit card transactions or bank account information
• Personally identifiable information — such as full name, address, date of birth, or telephone number
• Legal documents and contracts
• Medical records
• Proprietary information

1. Charter Document
   1. LLC – Certificate of Formation aka Articles of Organization
   2. Corporation- Articles of Incorporation

Issued by your respective state when you file and your business is approved as an LLC

2. Internal Operating agreement (LLC) or your company’s bylaws (corp)

Operating Agreement–

1. All members of an LLC enter into a contract when they create an operating agreement.
2. It governs the company’s internal affairs.
3. Members usually have a great deal of flexibility in how they manage the LLC.
4. can be simple or complex, depending on what the members want. It acts as a framework for the business and can set forth initial member contributions and other core operations.

A typical operating agreement may contain the following information:

• Each member’s ownership percentage
• Members’ obligations and rights
• Voting power
• Distribution of profits
• Allocation of losses
• Management details
• Management responsibilities
• Members’ financial obligations

Most states don’t require an LLC to file an operating agreement with a state agency, but it still has to conform to state laws.

An operating agreement is mandatory as per laws in only 5 states: California, Delaware, Maine, Missouri, and New York. 

It’s recommended that owners — or members — create an operating agreement because it helps prevent management misunderstandings and adds to the company’s limited liability protection.

Even a single-member LLC should have an operating agreement. This ensures the company is treated as an LLC and not a sole proprietorship in the eyes of the law. It acts as a declaration of the structure you have chosen for the company and sometimes used to prove in court that the LLC structure is separate from that of the individual owner and thus necessary so that the owner has documentation to prove that he or she is indeed separate from the entity itself.

It is needed when applying for certifications and some government programs.

Bylaws–

1. similar to an operating agreement as they determine how the corporation’s board of directors will govern the business.
2. Depending on how many shareholders the corporation anticipates having and the complexity of the business, bylaws may be simple and straightforward or very complex.
   1. Fundamental rules outline operating procedures for everyone from employees and executives to the shareholders.

Typical bylaws include the following information:

• Name and contact information of the corporation
• The procedures for director meetings
• The procedures for shareholder meetings
• The number of officers and directors in the corporation
• The types of shares the corporation issues
• The procedures for keeping corporate records
• The procedures for making changes to the bylaws

Although bylaws and operating agreements are internal, you should make them as detailed as possible. This helps prevent conflicts in the future since all rules and regulations are clearly outlined.

3. Minutes of Meetings
   1. One thing that you must have in your business are meetings, you have to have an initial meeting after your business is formed and should have annual meetings thereafter.
   2. There should be minutes captured for each of those meetings and kept on record
   3. It captures inputs like date, time, name of attendees, absentees, the agenda of the meeting, further issues, list of tasks to be performed, next meeting schedule, decisions, and suggestions.
   4. If you are in a partnership or have several business partners, every meeting should be captured in meeting minutes.
   5. Even if meeting is recorded someone in your business needs to be responsible for transcribing the meeting into minutes.
   6. Meeting minutes are needed when filing for certifications and contracting programs.

4. Business Plan
   1. It will clarify what your business is, the roadmap you have mapped out to get you to where you want to be. It includes your ideas and strategies in a framework that is easily presented.
   2. It is needed if you choose to seek funding for your business. Investors will require you to have a business plan
   3. Every business needs a business plan. Some will say unless you are seeking funding you have no need for a business plan. The business plan is going to be first and foremost for you. You need to lay out your plan for your business. Failure to plan is a plan to fail. It is not enough to have the plan in your head, you need to put pen to paper and document your plan.
   4. I am a God girl and I believe you have to write the vision and make it plain. So that it is easily understood. And that is exactly what you want when seeking investors. You want them to read your business plan and see your vision.
   5. This is an ever-evolving document, it is not something you write one time and store away. You write it, you should review it often, at least annually but depending on how your business is growing or your plans are shifting you may need to review monthly. There is no limit to how many times your business plan can change or be updated. It’s your call.

5. Capability Statement

Your Capability statement is basically your resume for your business and should include:

1. Company Name & Logo
2. Mission/Quality Statement
3. Company Overview
4. Skills
5. Experience/Past Performance
6. Key Accomplishments
7. NAICS/Commodity Codes
8. Company Profile
9. Certifications

6. Non-Disclosure Agreement (NDA)
   1. your business’ first line of defense is the protection of sensitive information
   2. It helps safeguard sensitive information such as financial records, clients, customer details and countless other information that the company deems to be sensitive.
   3. When you work with contractors, freelancers and even employees sometimes you may have to disclose confidential information. It is critical that this information is protected because if it is leaked it could cost your business a fortune.
   4. This is why companies ask employees, contractors, and/or freelancers that may receive confidential information to sign an NDA.
   5. An NDA is legally binding when signed and if the information is leaked your company can bring litigation against the violator.

7. Employee Agreement
   1. Each of your employees has certain obligations and expectations they must fulfil as do you as the employer.
   2. An Employee Agreement is going to lay the ground rules of the employer/employee relationship.
   3. It is not legally required to have an employee agreement, but it is recommended to safeguard the company in the event of a dispute in the expectations of the working relationship.

8. Partnership Agreement
   1. If you have one or more business partners and are considered a partnership, you will want to have a partnership agreement.
   2. This will outline the obligations, legal and operational, debt liability and profit sharing among the partners.
   3. It basically keeps the partners in tandem to the agreed terms

9. Policies and Procedures (High Level)
   1. A policy provides guidelines and overall direction for an organization
   2. A proceduredescribes how policies should be implemented.
   3. These are what you will provide if an external audit is performed

• Basic Sections
  • Document Header: Header information, also called meta information, includes the policy title, policy number, revision dates, publication dates, approver’s signature, and department.
  • Purpose: This explains what the policy is about and the reason for having the policy, such as how it promotes compliance with standards or regulations.
  • Policy Statements: Describe the overall framework for the policy and its intent.
  • Definitions: Define terms in your policy, especially words and phrases with multiple meanings. Definitions make policies clearer and can be important if the organization ever faces litigation.
  • Table of Contents: Whether your document is published online, made into a PDF, or printed, a table of contents aids users in quickly finding information. Hyperlinked tables of contents are a helpful feature of electronic documents.
  • Policy and Procedures: Details of the policy and procedures may be included in one document.
  • Scope: This describes the individuals, departments, or groups to whom the policy applies. To increase clarity, describe any employees or others to whom it does not apply.
  • Responsibilities: To ensure compliance, specify which roles are responsible for creating documents and reviewing documentation and activities.

10. SOPs
    1. SOPs are vital to the growth and development of small businesses,
    2. because theycreate benchmarks for the quality of output for every employee. If management has set high standards for the business, having SOPs in place helps ensure that every team member knows exactly what is expected of them and how to reach those expectations.
    3. They are step-by-step instructions specific to your business that explains how routine operations are performed in your business.
    4. They take the guesswork out of everyday task
    5. While it may look like a lot of work upfront, to create an SOP, you’ll simply document the tasks you already do on a regular basis. Having this documentation will make it way easier to train new employees, automate tasks, and free up your and your team’s time to focus on money-making activities.
    6. Example: What if you were sitting on the runway waiting on your plane to take off, you just happened to look out of the window only to see the crew haphazardly working on random parts of the plan, looking confused about what they are doing. Would you be ok to fly on that plane? Or would you want to get off the plane?
    7. The same can be said about how your customers feel when dealing with your business. They need to know you and your staff have processes in place to keep things flowing smoothly
    8. These are not anything your clients will ever see but for internal use only.
    9. I worked in Corporate America for years before becoming a full-time entrepreneur and I would drill in my employees that every task they completed needed an SOP.
       1. Ultimately, Your SOPs will make you and your employees more productive and inspired to work
       2. They create a more secure workplace
       3. They are used as a source to evaluate your employee’s performance
       4. They Improve communication within your company
       5. And they provide quality control
       6. SOPs should be evaluated at least annually but as often as needed.

If you need access to templates for each of the documents mentioned, templates are available at link below

Business Templates | Aspire 2 Inspire Academy

Business Compliance Tip #6

You must comply with employment regulations.

If you run a small business, you may not have a payroll or human resource expert on staff like a larger organization might, but you still need to comply with employment regulations all the same. Some of the areas important to small business compliance include:

Payroll

To run payroll in full compliance, you may need to:

• Abide by the minimum wage and overtime pay requirements of the Fair Labor Standards Act (FLSA).
• Provide equal pay for equal work regardless of gender in accordance with the Equal Pay Act (EPA).
• Follow state and federal guidelines when using direct deposit and pay cards

Taxes

Whether you file quarterly estimated taxes or an annual tax return for your small business, be aware of filing deadlines and deposit frequencies. Requirements may vary across the local, state and federal levels. 

Benefits

Depending on the size of your organization, you may need to offer these benefits to your employees to maintain small business compliance:

• Workers’ compensation
• Unemployment insurance
• Disability insurance
• Health insurance
• Consolidated Omnibus Budget Reconciliation Act (COBRA) benefits
• Leave of absence

Hiring

Recruitment might be simpler in smaller organizations, but that doesn’t mean the regulations are any less strict. Your hiring practices must comply with Equal Employment Opportunity Commission (EEOC) and Office of Federal Contract Compliance Programs (OFCCP) guidelines. Additionally, all new employees are required to complete a Form I-9 to verify employment eligibility. Some states have also made E-Verify mandatory.

Record keeping

Under the Fair Labor Standards Act (FLSA), you may have to keep certain employee payroll records for a minimum of three years. The information must remain confidential and in a secure location at all times. Depending on where you do business, you might have to abide by state record keeping requirements, as well.

New COVID-related regulations and tax credits

The COVID-19 pandemic has changed the nature of how we work. For updates on COVID-related legislation that impacts payroll, tax filing and employee leaves of absence for small businesses, please visit our ADP Employer Preparedness Toolkit: Coronavirus Disease (COVID-19).

Source: ADP

• healthcare plans (e.g., insurance carriers, corporate health plans, HMOs)
• providers (e.g., hospitals, doctors, nurses, pharmacies, dentists)
• data clearinghouses

Business Compliance Tip #8

Compliance Risk

What is compliance risk?

Compliance risk is an organization’s potential exposure to legal penalties, financial forfeiture and material loss, resulting from its failure to act in accordance with industry laws and regulations, internal policies or prescribed best practices. Compliance risk is also known as integrity risk.

Organizations of all types and sizes are exposed to compliance risk, whether they are public or private entities, for-profit or nonprofit, state or federal. An organization’s failure to comply with applicable laws and regulations can affect its revenue, which can lead to loss of reputation, business opportunities and valuation.

Types of compliance risk

An organization may be implicated in the following types of compliance risks:

• Corrupt and illegal practices. Legal compliance ensures that the organization, its agents and employees are abiding by the laws and regulations of the industry. Common compliance risks involve illegal practices and include fraud, theft, bribery, money laundering and embezzlement.
• Privacy breaches. A common compliance risk is the violation of privacy laws. Hacking, viruses and malware are some of the cyber risks that affect organizations. Additionally, if a company handles sensitive information, it is required to take the appropriate measures to protect that data and prevent privacy breaches.
• Environmental concerns. These compliance risks deal with pollution and environmental damage an organization’s operations can cause. Examples include the destruction of natural habitats, use of harmful chemicals, hazardous waste disposal and pollution of groundwater. Many companies are integrating sustainability into their business strategies and are providing their employees with training and resources to help them achieve environmental compliance.
• Process risks. A process risk is a failure to follow an established procedure for completing a task or a deviation from the standard process. For example, a company must have a documented procedure for accessing its network remotely. If an employee abuses the proper procedure for remote access, it is considered a process risk.
• Workplace health and safety. Companies are legally required to follow specific health and safety protocols. In the U.S., many of these laws are enforced by federal agencies, such as the Occupational Safety and Health Administration (OSHA) and U.S. Food and Drug Administration (FDA). In Europe, the equivalent regulatory bodies are known as the European Agency for Safety and Health at Work (EU-OSHA) and European Medicines Agency (EMA).

What is compliance risk management?

Compliance risk management is the process of identifying, assessing and mitigating potential losses that may arise from an organization’s noncompliance with laws, regulations, standards, and both internal and external policies and procedures. Management practices are intended to help organizations maintain compliance with various regulations and laws. Organizations may have compliance risk management policies and procedures, which are the framework and mechanisms they implement to control compliance risk. Compliance risk management is a continuous process that involves tracking changes in the regulatory environment to ensure an organization’s compliance is up to date. Compliance policies, procedures and training materials must be revisited on a regular basis in light of new policies, directives and regulations.

Organizations need to be aware of their compliance risk on a number of levels, not just from the perspective of the chief compliance officer (CCO). While the CCO and other compliance staff are responsible for reviewing all aspects of the organization’s compliance risk — including its legal, regulatory, financial and technical risks — the compliance risk extends to all levels of the organization, including information technology (IT). This is why the organization’s IT department must be involved in compliance risk management.

Compliance risk management forms a portion of the collective governance, risk and compliance (GRC) discipline. GRC is a set of management practices and technologies to ensure that an organization is operating in a manner consistent with its values, mission and risk tolerance. GRC policies are mainly seen in the financial industry, but other industries, such as healthcare, are also required by law to adopt risk management and compliance practices.

GRC is designed to help organizations identify and evaluate risks to their business and reputation. The three fields are similar to incident management, operational risk assessment and internal risk.

Business Compliance Tip #9

Fraud in Small Business

Compliance encompasses several aspects of business, including Fraud.

It can be hard figuring out how con artists may target your small business because different types of fraud exist. Here, we’ve detailed the common types of frauds right now, the potential signs, and how best to mitigate them. Because there are soo many ways fraud can take place, I will break this tip into two tips. 

7 Common Types of Small Business Fraud

Payroll Fraud

Payroll fraud occurs when employees manipulate the payroll system to receive payment for work not done. In fact, 27% of all businesses experience payroll fraud and small businesses are affected twice as often as big corporations. Some potential warning signs include:

• Flaws in payroll records
• Employees not taking PTO
• Employees using duplicate paychecks
• Employees living way beyond their means

Payroll fraud can be prevented by proper monitoring of payroll reports, payroll auditing, or seeking the services of professional and reputable payroll providers.

Cash Theft

Cash theft is one of the key aspects of asset misappropriation, which may also take the form of check tampering, accounts-receivable skimming, fake billing, and payroll schemes. There are several ways cash disappears in a small business. First, it could be through fraudulent disbursement of cash — cash released by an employee that the owner did not authorize. Sometimes, employees also take the cash that has not been reported into the accounting system and use it for other purposes not related to work. This can harm the business in the long run.

Online Banking Fraud

Cybercrimes are becoming more sophisticated and any little security breach in your online bank details can lead to online banking fraud. Employees who are not trustworthy can use the company’s bank details in their possession for malicious purposes. Scammers can also use high-tech strategies such as phishing, malware (software), and vishing (phone numbers) to tamper with your online banking account details. A red flag is when money goes missing from the account without a trace.

Staying updated with cybersecurity measures is a way to protect your business from online banking fraud. Also, only give sensitive online banking details to trusted employees and ensure to report to the financial institution in charge of your bank account as soon as you notice such unaccounted deductions. Additionally, you can contact the FTC or the FBI for guidance.

Invoice Email

This type of fraud involves employees sending illegal emails to clients informing them of changes in payment details. It is usually not easy to detect this type of fraud as business owners can only be alerted when clients complain of such emails or when they don’t get paid for a service rendered.

Giving your company’s official email access to only trusted employees can go a long way to prevent this scam. You can also do regular account check-ins and create awareness among clients about the official bank account details for payments.

Phishing Emails

Phishing emails are designed to get valuable information about your business bank account details or other sensitive information that can be used to siphon funds from your business bank account.

Always try to verify the genuineness of any email that requests card details or other sensitive information. Additionally, avoid clicking on suspicious links from an unknown email as it may take you to a website that’ll request your credit card numbers or passwords for payment purposes or other reasons. It is also important that you have up-to-date antivirus software and firewalls installed on your office computer to avoid phishing scams.

Insurance Fraud

Employees can sometimes file bogus claims related to fake or mild workplace injuries. They may demand large health care compensation. Installing security cameras in your business location can help. It is also very good to have sufficient health insurance coverage to protect yourself from such fraudulent scenarios. In addition to health insurance fraud, unemployment insurance fraud is another common insurance fraud. However, both the employer and employees are sometimes guilty of this type of fraud.

Bank Account Takeover

Getting access to your online bank details is very dangerous to your business finances; if not noticed on time, your funds can be easily drained. Bank account takeover fraud can be done both by internal and external perpetrators. You should beware of employees continuously asking for your sensitive business bank details or login details. More organized fraudsters can even use malware to try to gain access to your login information. It is safe for you not to log into your bank account using an unsecured network, and don’t ever log in to your bank website without really verifying if it is the genuine one.

3 Ways to Protect Your Small Business From Fraudsters

As a small business owner, you are responsible for doing your utmost best to protect your investment against scammers. Some measures you can take include:

• Educate yourself. Understanding how fraudulent activities impact your business will help you stay updated with the latest tricks con artists may employ to target your business.
• Educate your staff on how best to protect sensitive company data like trade secrets, intellectual property, and account information, including account number, client information, and other sensitive information. Employees should also be made aware of the potential warning signs or red flags.
• Integrate a fraud management system into your business to monitor real-time transactions across company users.

Source: Skynova:14 Common Types of Small Business Fraud

Business Compliance Tip #10

Fraud in Small Business cont’

Compliance encompasses several aspects of business, including Fraud.

It can be hard figuring out how con artists may target your small business because different types of fraud exist. Here, we’ve detailed the common types of frauds right now, the potential signs, and how best to mitigate them. 

8 Common Types of Small Business Fraud

Directory Fraud

Another ploy to scam you into getting your business details and procedures is through directory frauds. You may get a call that your company’s information needs to be updated on a popular online directory to reach more potential customers. Small businesses may easily fall for such fraud schemes since they want to get more customers.

Once payment is made, you will then discover that such a business directory is not real or you are not contacted by the real owners of such directories. Verify the business directory platforms first before engaging in any business.

Intellectual Property (IP) or Trade Secret Fraud

Your company’s IP is perhaps the most valuable intangible asset of your business and is highly vulnerable to theft or leaks. Although IP is protected under patent, copyright, or trade secrets law, it can still be used against you when it ends up in the hands of competitors. Intellectual property fraud can occur in the form of underworld cyber actors breaching your system and stealing it to be sold to your competitors. You can also fall victim to the invention promotion scam.

Identity Theft

With emerging technologies, identity theft is becoming more common among small businesses, and this can cause a lot of reputation damage and loss of valuable resources when not discovered early enough. Identity theft happens when your personal information, such as your Social Security number, credit card information, bank account number, and other account information details, is used for malicious purposes or to steal your funds. The use of data mining is a common way to perpetuate this kind of fraud.

A potential warning sign is when you begin to notice unfamiliar account details on your payroll or credit report or when you get debits that you cannot trace or account for. It can become worse when the IRS notifies you of changes in your tax information. To mitigate this, always evaluate your financial records. Once you notice a red flag, proceed to change your login details, pins, and passwords. For severe cases, notify your financial institution to freeze or close your account to avoid further funds deductions. Furthermore, contact IdentityTheft.gov for more directives.

Stolen Tax Return Fraud

Stolen tax return fraud occurs when your Social Security number is stolen by someone else and used to receive your tax return. You will only discover this when you file the tax return and get rejected by the IRS stating that you are already on the list. To prevent tax fraud, experts recommend filing your taxes early. Additionally, avoid giving out your Social Security number carelessly.

Debit and Credit Card Fraud

This fraud happens when scammers get a hold of your credit or debit card details, such as card numbers, security numbers, expiration dates, and PINs, to carry out transactions that you do not authorize. You start noticing charges for transactions you don’t recognize or you have used in a location you’ve not visited.

Your credit and debit card details should be confidential; report to your bank when you notice unauthorized transactions. A change of your bank card details may be necessary to stop further deductions.

Financial Statement Fraud

Office Supplies Fraud

False Invoice Fraud

3 Ways to Protect Your Small Business From Fraudsters

As a small business owner, you are responsible for doing your utmost best to protect your investment against scammers. Some measures you can take include:

• Educate yourself. Understanding how fraudulent activities impact your business will help you stay updated with the latest tricks con artists may employ to target your business.
• Educate your staff on how best to protect sensitive company data like trade secrets, intellectual property, and account information, including account number, client information, and other sensitive information. Employees should also be made aware of the potential warning signs or red flags.
• Integrate a fraud management system into your business to monitor real-time transactions across company users.

Source: Skynova:14 Common Types of Small Business Fraud

Business Compliance Tip #11

Business structure affects the filings, reports, and other formalities a company must carry out to legally conduct business. Every state has its own rules, and counties and local municipalities may have regulations, as well. To give you a general idea of what different business structures have to do to stay compliant, I’m going to list compliance formalities by entity type:

Sole Proprietorship and Partnerships

Sole proprietorships and partnerships are considered the same entity as their owners (both legally and from a tax perspective). So, there are no corporate compliance formalities to maintain them. However, that doesn’t mean that entrepreneurs operating as sole proprietorships or partnerships don’t have rules to follow to run their businesses legally! Some of the things that individuals running their businesses as sole props and partnerships must do include:

• File for and renew their fictitious name (DBA) if they are marketing their business under a name other than one that includes their first and last name.
• File their personal income tax returns (business income is reported on IRS Form 1040 Schedule C) and pay applicable income tax AND self-employment tax.
• Apply for and renew any required business licenses and permits.
• Collect and remit sales tax (if required for the products and services they are selling).
• Obtain an EIN (Employee Identification Number), if hiring employees.
• Abide by all employment and labor laws (if the business has employees).

Limited Liability Companies (LLC)

A Limited Liability Company is considered a separate legal entity from its owner(s) (called members). The LLC structure gives members some protection against the legal and financial debts of the business. However, from a tax perspective, an LLC and its owner(s) are treated as the same entity. In other words, taxes flow through to owners’ personal income tax forms.

Some of the compliance requirements LLCs must usually fulfill include:

• File Articles of Organization to establish the entity with the state.
• Appoint and maintain a registered agent.
• Obtain an EIN (Employer Identification Number).
• File an initial report and annual reports.
• Create an operating agreement to put forth the company’s major decision-making and operating procedures (generally, it’s not required by the state, but it helps ensure other compliance requirements are addressed properly).
• Issue member shares and record interest transfers.
• Hold LLC member meetings (also, prepare minutes and have all members sign to approve them).
• File their income tax returns and pay applicable income tax (business income is reported on IRS Form 1040 Schedule C) AND self-employment tax).
• Apply for and renew any required business licenses and permits.
• Collect and remit sales tax (if required for the products and services they are selling).
• Abide by all employment and labor laws (if the business has employees).
• Maintain a bank account solely for business activities. Do not commingle business and personal financial activities and funds.
• File Articles of Amendment to report any significant business changes.

Corporations

A Corporation (C Corporation or C Corp) is a separate legal and separate tax-paying entity from its owners (called shareholders). With more stakeholders and a higher degree of liability protection for owners and directors, Corporations have stricter compliance requirements than other business entities.

Below are examples of what C Corps may need to do to satisfy their compliance obligations:

• File Articles of Incorporation to establish the entity with the state.
• Appoint and maintain a registered agent.
• Obtain an EIN(Employer Identification Number).
• File an initial report and annual reports.
• Adopt corporate bylaws to put forth the company’s major decision-making and operating procedures.
• Apply for and renew any required business licenses and permits.
• Appoint and maintain a board of directors
• Hold board of directors meetings (also prepare minutes afterward, and have all directors sign to approve them).
• Hold annual shareholder meetings (also prepare minutes and have all directors sign to approve them).
• Pay taxes and file corporate tax returns.
• Collect and remit sales tax (if required for the products and services sold).
• Issue stock to shareholders and record stock transfers.
• Abide by all employment and labor laws (if the business has employees).
• Maintain a bank account solely for business activities. Do not commingle business and personal financial activities and funds.
• File Articles of Amendment to report any significant business changes.

S Corporations

An S Corporation is not a type of business entity but rather a special tax election that eligible LLCs and Corporations may choose. Generally, S Corporation requirements follow what the underlying entity (LLC or Corporation) must fulfill.

Tune in tomorrow to find out the consequenses of Non-Compliance

Business Compliance Tip #12

Consequences of Noncompliance

Yesterday’s tip discussed some of the typical compliance requirements, let’s get into what could happen when businesses do not follow the rules. The severity of penalties vary, and they often depend on the seriousness of violations. For any business, noncompliance can cause big problems!

Here are some of the possible consequences of noncompliance:

• Piercing of Corporate Veil –  “Corporate veil” (also called a “corporate shield”) is the legal distinction between an LLC or corporation and its owner(s). It is the legal separation established by keeping a company’s activities, assets and liabilities independent from those of the business owner(s). If an LLC or Corporation fails to fulfill its compliance requirements, a court might decide that the corporate veil has been pierced and that the individuals who own or oversee the business are personally accountable for the debts or legal wrongdoing of the company.
• Audits – Noncompliance draws closer inspection of a business’s processes and financials. No one likes to hear the word “audit.” That’s no wonder because audits demand a lot of time and money as business owners and employees get pulled away from doing revenue-generating work.
• Financial penalties – Noncompliance can hit a business’s checking account hard. There may be fines, back taxes, interest, and other financial penalties levied if a company fails to fulfill its compliance requirements.
• Suspension or termination of the business – If the frequency or severity of noncompliance warrants it, a company may fall out of good standing with the state and be forced to either suspend operations or close its doors entirely. Stating the obvious, this can be fatal for a business.
• Imprisonment – The LLC and Corporation business entity types provide some liability protection to owners and directors. However, noncompliance may lead to civil or criminal prosecution of owners, officers, and directors if their personal actions were unlawful or negligent.
• Damaged brand reputation – As word gets out publicly about a company’s noncompliance, it could permanently hurt the business’s reputation. That could destroy customer and vendor confidence as well as make lenders wary of providing financing to the business in the future. The hit to a brand’s reputation can destroy trust in the company and limit future opportunities.

How to Stay Compliant

For some businesses, the compliance requirements may be numerous and complex. Entrepreneurs must understand their obligations so that they don’t suffer the consequences we covered above—especially the increased legal risks associated with piercing the corporate veil. To accomplish that, I recommend seeking mentorship as well as professional legal and accounting expertise.

Source: Corpnet

• provide workers with knowledge about what is expected of them, e.g., behavior and performance standards.
• provide rules and guidelines for decision-making in routine situations.
• provide a consistent and clear response across the company in dealing with situations.
• demonstrate your good faith that workers will be treated fairly and equally.
• provide an accepted method of dealing with complaints and misunderstandings to help avoid claims of bias and favoritism;
• provide a clear framework for the delegation of decision-making.
• provide a means of communicating information to new workers; and
• ensure that you are better equipped to defend claims of a breach of employer obligations, e.g. health and safety legislation.

Business Compliance Tip #14

Compliance Policy Must Haves Especially with Employees

Having and maintaining certain rules and regulations is one crucial aspect of running a company.

1. Defined Designation Descriptions For All Employees

One of the biggest mistakes that companies may make is going easy on the designations that they assign to their employees.

While they may do this to keep their employees from limiting their potential, in the long run, this can often backfire as well.

Let’s consider a scenario where you hire a new program developer but don’t define their role or their responsibilities for one reason or the other. In the initial days, this can still be fine. However, if the role is assigned even after a few days, your employees may start feeling insecure.

And we all know what happens when employees start feeling insecure. So, don’t let that happen.

Understand the importance of defining roles and designations of all employees that work for you.

2. Working Hours and Days

Even though the idea of flexible work hours is active and effective among employers of this generation, it’s essential to realize that this may require extra efforts from your management teams.

And that’s also fine. The point is that all your employees must know about the working hours (if you have defined them) and the working days that they need to visit the office on.

For example, some companies offer their employees two leaves a week, while others offer only one. Similarly, some companies offer their employees one extra leave once in a month while others may offer only one additional leave in a month.

And the same goes for working hours as well.

So, keep them defined.

3. Remote Work Policies

Well, this is certainly the most important hour to talk about this. The recent coronavirus outbreak has made a large number of organizations to encourage their employees to work from home.

Clearly, there’s a need for you too to consider defining specific work from home policies, so when your employees work remotely, they know what all is expected from them.

For example, if you want them to stay online on the work portal or to stay on the camera for completing their work hours (not the best thing to do, but if your organization requires it).

So, count this in while defining compliance policies for your company.

4. Rules Regarding Company Hierarchy

Organizational hierarchy is one thing that a large number of companies have in common. And if your company is also one of them, it’s important for you to define your organization’s hierarchical rules and regulations to all your employees, whether new or old.

This will make them aware of who their senior managers are and who are working parallel to them so they can know the people who they need to report to and take guidance from.

5. Workplace Discipline

Another set of rules that all organisations must setup is related to workplace discipline.

Basically, you would know how you want your employees to behave when they are in the office. And this doesn’t specifically refer to bad behaviour. Although that must be covered and prevented under this set, the primary aim is to ensure workplace discipline regarding everything from meeting deadlines to working healthily as a team.

So, make sure you define certain rules for that. These compliance policies will help maintain the required discipline.

6. Rules Regarding Employee Training

Guiding your employees about their work responsibilities and several company policies is crucial. But does it come that easy?

Many times your employees may not like the idea of attending a training program.  And this can be for a number of reasons.

Some of them may find it boring. Some of them may be afraid that they’ll have to invest extra time. Some of them may have other priorities. The point is, the process still remains crucial for you.

So, how to implement it?

Well, by setting certain rules and regulations about employee training can help you.

Also, if your employees are finding your training programs boring, you can choose a smarter set of eLearning tools to gamify the program.

1. Keep good records– 1 out of 4 small businesses lose track of whether or not a customer has paid over the course of the year. Along with accounts receivable and collections, you also need to monitor business cash flow, track your receipts, and keep records of payroll and other payments. 
2. Separate Business and Personal Accounts– The IRS is always on the hunt for small businesses not paying taxes. If you get audited, one of the first things they will do is review your professional and personal accounts to look for any commingling. They are looking for personal expenses reported as business expenses. 

3. Claim all your income reported to the IRS– you may want to figure out how to pay no small business taxes, yet small business tax avoidance is not a good idea. Know that the IRS gets a copy of all the 1099-MISC forms you receive. That means they can and will check that the income you claim matches what has been reported.  You should also report income that is not recorded on 1099-MISC forms. It is not adviseable to treat any of your income as if it could be a small business tax shelter. 
4. Follow small business tax strategies to reduce income tax– There are many ways to reduce taxable income for small businesses. Start by researching tax credits such as the general business credit, investment credit, credit for employer-provided childcare and facilities, the Indian employment credit and more. Also look into Section 179 eligibility, mileage, home office, salaries and wages, furniture and equipment, travel, insurance, professional fees, etc.  
5. Make charitable contributions– Not only is this a great thing to do from a business sustainability perspective, but it can also cut your tax liability. You can donate cash, merchandise, or other assets and be entitled to a deduction on your taxes. Request a receipt from the 501(c)(3) charitable organization to show you are giving back to your community to get the tax benefit too. 
6. Hire professional help– It can also help to hire professionals to either manage your payroll or help with your small business tax bull. Bookkeepers and accountants could share small business tax tips that you wouldn’t know about otherwise. It is not all about how to lower your small business taxes. Your accountant should work with you throughout the year to track incom and spending, to make sure you don’t have a cash flow problem, and to monitor your gross and net profits. 

1. Review Electronic Storage Security Regularly

   Your team is responsible for lots of ePHI, which means maintaining regular security practices is a must. Even if you have well-defined processes, you still need to review electronic storage security to guarantee compliance. 

   First, take a look at how your team stores documents with sensitive data. Ask yourself these questions to get started:

   • Is access limited to employees who need it for their work? 
   • Is your data encrypted? 
   • Does your storage solution need two-factor authentication? 

   Next, review the security measures you have in place: 

   • Are antivirus programs current? 
   • Are passwords changed regularly? 
   • Are you recording a document changelog?

   Schedule a monthly or quarterly security review on the calendar to confirm that your data is secure. If you notice vulnerabilities during your review, solve security threats right away to lower security risks.

2. Record the Audit Trail

   When you’re working with sensitive data, it’s important to know who has access to that information.

   Maintaining an audit trail helps your team know who can access which documents, and how their team members altered those documents. An audit trail contains a full log of every change made to a document, the user who made the change, and when they made it. 

   Keeping up a manual audit trail is challenging, and there are tons of opportunities for information to fall through the cracks. One of the biggest risks happens during the review and approval process, which might happen over email or on the phone. When this information isn’t properly tracked, the audit trail loses its validity. 

   The US Department of Health and Human Services (HHS) recommends monitoring and logging changes automatically to maintain an audit trail. System-level audit trails play an important role in data security and limiting access to the right people. Meanwhile, application audit trails help you complete your entire workflow within one tool by recording changes every step of the way.

3. Confirm Ongoing Compliance with Checklists

   Many organizations assume that their employees always follow the designated process. So, if your HIPAA risk assessment reveals avoidable human errors, you may feel at a loss to solve these problems and improve accuracy. 

   A checklist can be a valuable quality control tool that encourages team members to double-check their work, reducing the likelihood of small mistakes that can trigger an audit. While checklists may seem simple, they help employees perform their tasks consistently and stay focused on the job at hand.

   While it may seem like following a checklist will slow down your process, it can actually help your team work faster and with better accuracy. Checklists are especially valuable to maintain version control or support the review and approval process. However, keeping track of many checklists for different document types can be daunting. 

1. Become a Google Customer-

   Unfortunately, only the paid version of Gmail can be used for handling PHI, and only if it’s set up the right way.  Why?  Here are a few reasons:

   • Google will only sign a HIPAA BAA with paid customers
   • Google’s computers scan emails for advertising
   • Google’s employees can (though usually don’t) see your emails
   • A patient might notice you’re using insecure email and complain
2. Sign a HIPAA Business Associate Agreement- Once you’re a customer, Google has a very simple process for executing a HIPAA BAA.  You can do it right online, with no forms to fill out. 
3. Get Patient Consent- Patient consent is highly recommended.  If you’re in a healthcare practice, get written consent from your patients before you communicate with them via email or text messages.  It’ll save you a world of pain down the line if you get a complaint.

4. Use Your email signature-

   Add an automatic email signature that reminds people that email is insecure, and to delete email not meant for them.

5. Carefully plan how you will use PHI in email- Ensuring you are sending PHI information securely
6. Warn patients about insecure email- You want to inform your patients the danger of sending PHI unsecure. 

7. Secure connection between HIPAA Complaint Gmail and your computer-

   If you access Gmail in your browser (using Chrome, Internet Explorer, Safari, Firefox, etc.), then you already have this covered.  A secure connection is always on by default.

   If you’re curious, here’s how you can tell.  Look for the green lock and the “https.”

8. Train your staff-

   If you have any employees (even one), you need to have a clear policy and train them on your expectations of using email and SMS.

   Specifically, train them thoroughly on how to identify PHI, and your expectations of how they should handle PHI in email and SMS.

   You should also train them on how to identify and handle:

   • Emails with viruses
   • Emails with tricky links
   • Emails with unusual attachments
   • Emails from people they don’t recognize

   More info to come regarding email.