Stacey Supina headshot.

Outside Consultant: What Are the Best Ways My Business Can Reduce Compliance Risk?

This “Outside Consultant” column by Stacey Supina, J.D., LL.M., a faculty member in the Ethics and Business Law Department at Opus College of Business, ran in the Star Tribune on July 19, 2021.

Risk is a constant in business. People who work in compliance focus on reducing the risk from failure to follow legal rules, known as “compliance risk.” Some of these legal rules apply to all businesses, such as tax laws. Others are more specific, like air quality rules for factories. Businesses that operate outside of laws and regulations can face serious consequences.

The first and most important step to reducing compliance risk is identifying legal requirements. Not knowing about a law is rarely a viable defense. Start by brainstorming all the rules you know of, from federal and state taxes to local recycling. From that point, you can fill in missing pieces.

Expired licenses or permits can be a problem. Contact your city and ask if you need a business license to operate locally. License and permit requirements may also apply at the state or federal level. You or your employees may need licenses or permits for some activities. Fees (or late penalties) may apply. The Small Business Administration has a license reference tool – search “apply for licenses” on

Employment laws are likely on your list. Besides wage and hour laws, determine how civil rights, medical leave and safety laws regulate your organization. If your business advertises or contacts customers, communications and privacy laws may apply. Most businesses retain some customer information, meaning that data security requirements may be relevant.

The state attorney general’s website ( is a good resource to check further requirements for your specific situation. You can also consult your attorney, accountant and industry sources to ensure compliance.

With your list, turn to planning. Create a compliance calendar with due dates for needed filings and renewals, as well as reminders for upcoming requirements. Work with managers and staff to make legal standards part of the workstream; the more normal and routine you can make compliance, the more likely it will occur. Develop (or source) a recurring employee training program that builds awareness and accountability. If resources allow, consider adding a compliance officer.

Finally, keep checking that your list is up to date. Revise your plans and procedures as needed to minimize your compliance risk and keep your business running smoothly.

Stacey Supina, J.D., LL.M., is on faculty in the Ethics and Business Law Department at the University of St. Thomas Opus College of Business.