Skip to main content
Compliance

Introduction

The Challenge of University Risk Management and Compliance

Over the last several years, American universities have been confronted with a rapidly changing and challenging compliance environment. Universities, including BYU–Hawaii, are exposed to increasing governance, compliance, and ethical risks. In the current regulatory and social climate, addressing these risks has become a top priority at universities for at least two reasons:

  1. Laws and regulations represent the values and expectations that society, of which universities are a part, has established for the welfare of all of its members. Full compliance is the right thing to do.
  2. Where a compliance failure occurs, there is significant risk not only to the institutions themselves but to university executives and members of the Board of Regents or Trustees because of the personal liability that can accrue and because of the effect litigation, fines, and negative publicity can have on achieving the university’s mission.

Universities are considered an integral part of society and as such they are subject to the same laws, regulations, and expectations as any other corporate or private entity. This is evidenced by

  • The requirements of the Federal Sentencing Guidelines and National Institutes of Health guidelines addressing federal grant recipients;
  • An accelerating regulatory burden including the Affordable Care Act, the Clery Act, and changes to the expectations under Title IX of the Education Amendments of 1972;
  • Rising standards of accountability in the post-Enron/Sarbanes Oxley era, which results in heightened public and media scrutiny, as well as political pressure for greater accountability concerning public and donor funds;
  • Increasing fines and lawsuits directed at universities for compliance failures; and
  • Increasing oversight and disclosure requirements contained in the reauthorization of the Higher Education Act in 2008.

To successfully navigate this risk environment, BYU–Hawaii must not only articulate its commitment to good governance, compliance, and risk management principles, but it must integrate these concepts into the culture of the university, creating what federal guidelines call a “culture of compliance.” It is not sufficient to have policies and procedures in place; the policies and procedures must be documented, well communicated, implemented, and enforced.

To address this challenging environment, universities are developing institution-wide centralized compliance functions using Chapter Eight of the Federal Sentencing Guidelines1 (FSG) as their model. In fact, the concept of building a culture of compliance is derived from this chapter of the FSG.

Although the universities leading this effort were often prompted to act in response to significant regulatory compliance failures on their campuses, which result in significant fines, mitigation costs, legal sanctions, and negative public relations, BYU–Hawaii has been pro-active in initiating an effective compliance program without the impetus of a major compliance failure.

As with most important concepts, especially when working with human nature, our compliance program is never completely finished. This manual is designed to describe the rationale and underlying foundation for the BYU–Hawaii Compliance Program, document the program as it develops and changes, maintain an updated status of the program, and provide the necessary tools to help BYU–Hawaii managers ensure compliance with federal and state laws. This manual is available to all members of the university community but is designed to be used by the Office of Compliance and Internal Audit Services, Office of the General Counsel, and Risk Management and Safety, as a reference tool as they work together to implement an effective Compliance program at BYU–Hawaii.

This Compliance Manual provides the basic concepts, tools, and action plan necessary to establish and maintain an effective overall compliance program at BYU–Hawaii. This Compliance Manual is meant to be a “living document,” that is, it should be reviewed, revised, and amended as the compliance environment changes and as new or improved processes and tools become available.

This Compliance Manual should be reviewed at least biennially with the university’s Executive Risk Management and Compliance Committee to keep them apprised of the direction of the compliance program, new developments in the program, and the effectiveness of the program.

RESOURCEDESCRIPTION
Compliance 101PowerPoint presentation discussing the emergence of the compliance function and providing a basic background for the university compliance program.
Compliance in Higher EducationPowerPoint presentation discussing the history and nature of compliance programs in higher education.
A Culture of CompliancePowerPoint presentation discussing the legal landscape of American universities.
Issues Paper: BYU Compliance ProgramIssues paper recommending the BYU–Hawaii compliance program.
A Recommendation Promoting a Culture of CompliancePaper presenting the recommendations from the 2005 ad hoc compliance committee recommending a BYU compliance program.

End Notes:

1See §8B2.1 of Chapter Eight – Sentencing of Organizations, United States Sentencing Commission Guidelines Manual