
What Regulations Apply to Corporations Working in the U.S.?
In the United States, doing the right thing can be good for a corporation’s business. Principled customers often flock to support an organization that treats its employees well, is transparent about its financials, and wins business through healthy competition rather than bribery.
But if the carrot of loyal, values-based customers isn’t enough motivation for a corporation to act ethically and fairly, the stick of government fines and penalties is intended to do the trick. In recent years, the federal government has wielded a sizable stick against corporations that fail to meet their regulatory compliance requirements.
Cryptocurrency company Binance was issued penalties of over $4 billion by the Department of Justice (DOJ). The penalties included a criminal fine of approximately $1.8 billion for its failure to comply with the Bank Secrecy Act, one of several U.S. anti-money laundering (AML) regulations. In addition, Binance’s CEO was forced to resign for failure to operate an adequate AML program. In the words of Deputy Attorney General Lisa O. Monaco, who spoke about the Binance case, “A corporate strategy that puts profits over compliance isn’t a path to riches; it’s a path to federal prosecution.”
Investment banking company Goldman Sachs was penalized in excess of $2.9 billion for violations of the Foreign Corrupt Practices Act (FCPA), which prohibits U.S. companies from bribing foreign governmental officials. Financial services company Wells Fargo was fined $3 billion for unethical practices. And lest you think only finance-related corporations have bent the rules too far, automaker Volkswagen (VW) ultimately agreed to pay over $14 billion to settle claims that it cheated U.S. emissions standards.
Fines aren’t the only way companies lose money once their noncompliance is discovered. Like Wells Fargo, VW suffered significant reputational damage after the public became aware of its unethical conduct. Which brings us back to the start: Doing the right thing is good for the company’s bottom line.
In this article, we'll discuss regulatory compliance for U.S. corporations (and non-U.S. corporations doing business in the U.S.): what it is, why it’s important, some of the key federal regulatory agencies and their compliance requirements, the consequences of noncompliance, and what many U.S. corporations do to ensure they remain in regulatory compliance.
What Is Regulatory Compliance?
Regulatory compliance refers to a corporation’s adherence to external laws and regulations established by federal, state, and local government entities.
The specific regulations that apply to a given corporation can vary based on the industry. Applicable laws also depend on where the corporation resides and where it conducts business, which are not always the same thing. For example, a corporation based in New York must comply with both federal and New York state regulations. If that same company does business in California, it must also adhere to all relevant California regulations. Similarly, an EU-based company that does business in the U.S. must comply with U.S. regulations.
Regulatory Compliance vs. Corporate Compliance
Regulatory compliance is not the same as corporate compliance. While regulatory compliance focuses on a corporation’s adherence to external (i.e., governmental) laws and regulations, corporate compliance relates to a corporation’s compliance with its own internal controls, policies, and procedures. However, both types of compliance have a common goal: to ensure accountability by the business.
Why Is Regulatory Compliance Important?
The importance of regulatory compliance is clear from the perspective of both the U.S. government and the corporations doing business in the country.
From the government’s perspective, regulatory compliance:
Protects the public interest and U.S. business interests
Protects the health and safety of employees and the environment
Protects shareholder interests
Ensures the fair and ethical operation of U.S. corporations
From a corporation’s perspective, regulatory compliance:
Strengthens/maintains a corporation’s reputation
Engenders trust from business partners
Allows a corporation to attract and retain good employees
Reduces risk
Protects the bottom line
Allows the corporation to avoid the various costs and consequences of noncompliance (see below)
Federal and State Regulations for Corporations
Key federal regulations. There are several key U.S. regulatory agencies whose regulations apply to most companies operating here. These include:
Occupational Safety and Health Administration (OSHA), which regulates employee health and safety.
Department of Labor (DOL), which regulates payment of employee wages and overtime, and enforces the Family and Medical Leave Act (FMLA).
Equal Employment Opportunity Commission (EEOC), which enforces federal employee anti-discrimination laws.
Federal Trade Commission (FTC) and DOJ, which together enforce federal antitrust laws designed to maintain competition in the marketplace.
Securities and Exchange Commission (SEC), which enforces corporate governance and accounting requirements through the Sarbanes-Oxley Act.
Certain sectors establish industry standards that apply to any organization in the industry. For example, specific industry standards are enforced by:
Food and Drug Administration (FDA), which regulates the manufacture and labeling of food products, cosmetics, drugs, and medical devices.
National Highway Traffic Safety Administration (NHTSA), which regulates the safety of motor vehicles.
Department of State, which regulates exports of defense-related products, services, and information.
U.S. Department of Health and Human Services, whose Office for Civil Rights (OCR) protects patient information through the Health Insurance Portability and Accountability Act (HIPAA), which applies to healthcare organizations.
Financial Crimes Enforcement Network (FinCEN), which safeguards the financial system through various Anti-Money Laundering (AML) laws, including the Bank Secrecy Act.
State and local regulatory bodies. In addition to industry regulations and federal regulations, corporations are subject to state and local regulatory authorities, which include agencies that establish environmental regulations, data protection requirements (such as the California Consumer Privacy Act), laws regarding consumer protection, and other laws and regulations.
Consequences of Noncompliance
As noted above, the consequences to a corporation for its failure to comply with applicable U.S. regulations can include the following:
Legal and financial penalties
Reputational damage
Business disruption
Increased government scrutiny, such as through in-house government monitors (which are paid for by the company)
Additional costs, such as costs associated with the recall of noncompliant products
How Corporations Ensure Regulatory Compliance
The DOJ has set out sentencing guidelines to ensure consistent fines and penalties are issued to corporations that don’t comply with federal regulations. In the “Effective Compliance and Ethics Program” section of the guidelines, the DOJ provides corporations with a roadmap for how to comply, and savvy corporations follow this map in setting up internal compliance programs.
According to the guidelines, the elements of an effective compliance and ethics program include:
Compliance officer: Appointed by companies to create a compliance program and manage, review, and document a company’s compliance efforts.
Compliance policy: Delineates rules to ensure the company complies with laws and regulations.
Code of conduct: Expresses the company’s values and ethics, establishes rules for employee conduct, and provides a reporting requirement and mechanism (usually an anonymous hotline) for employees to call if they see or suspect conduct that violates laws, regulations, or the requirements of the compliance program.
Employee training: Ensures all employees fully understand the compliance policy, code of ethics, and any other regulatory compliance-related matters. Best-in-class companies perform employee training at least once a year.
Documentation: Records employee training as well as hotline reports (and particularly how any reported unethical conduct was handled).
Regular compliance monitoring and review: Allows the company to assess its compliance efforts and, where necessary, refine its compliance processes.
More Regulations Mean More Work for Lawyers
Given the dire financial, reputational, and operational consequences to any corporation that fails to comply with applicable regulations, most U.S. companies take regulatory compliance extremely seriously. Future lawyers who acquire expertise in this area may find themselves called upon often to counsel corporate clients seeking to avoid regulatory trouble or who find themselves in the government’s crosshairs.