When the general public thinks of New Year’s, they think of the confetti and ball drop of New Year’s Eve or the college football bowl games of New Year’s Day. But for the compliance world, the New Year is a time of newly-passed laws taking effect and internal analyses of your business via annual review.
Those of us in the Fintech industry see the calendar turning over as the ideal time to take a good look inward at our own company’s methods, conventions, and relationships. Following these steps to start your year, and doing so on an annual basis, ensures that your organization is ready for whatever may occur in the year ahead.
Complete Internal Compliance Training
Internal compliance training is a simple practice that can often be completed via an informative online course. Having employees complete compliance training helps them stay informed of current issues, understand common compliance concerns, and learn the best methods for storing company data and intellectual property.
Compliance training should be more than a quick read of a brochure: the learning process should be current, thorough, participatory, and relevant to your industry.
Keep in mind that your compliance training, and especially your company’s data management practices, could be impacted by the California Consumer Privacy Act (CCPA), which goes into effect January 1st, 2020.
Update Your Employee Handbook
An annual review and update of your employee handbook is another smart action that your business can undertake around this time of year. An updated handbook ensures that all the best practices at your company are officially enshrined, promoting uniformity in the proper handling of protected data, confidential information, and your trade secrets.
Surveying your employee handbook before the new year also helps you stay compliant with any new state employment laws. One key to keep in mind when making changes is to avoid using too much (or any) legal jargon. You’ll want to keep it simple and straightforward so that employees of every department understand what guidelines need to be followed.
Revise Security Accesses
Did you know that access controls are often among the first investigation points whenever there is a data breach? These access points can be some of your organization’s greatest security vulnerabilities.
Controlling access to your systems is a key component of data security and is especially relevant with the new data regulations under the CCPA. During or before the start of a new year, your business should conduct a thorough annual review of who has access to any type of data within your organization. Make sure compliance, IT, and leadership work together to remove any unauthorized users from your access lists.
Taking a few simple review steps could guard your business against heavy regulatory fines and significant security risks.
Assess Partner and Carrier Contracts
This time of year is also an opportune time to examine the contract status of all of your partners. You’ll want to take steps to ensure that none of your partners have operated in a way that breaches their contract with you.
It is also prudent to review the actions and compliance record of your partners. Were you informed by your partners if they faced any regulatory issues or claims over the past year? If your partner has not kept you informed of their compliance lapses, they could be in breach.
While these steps may not be as thrilling as watching freezing celebrities yuk it up in Times Square or seeing a last-minute punt return that enshrines a school in football glory, they represent a shrewd approach to the year ahead for your organization.