Workplace Compliance Guidelines

If customs walks in today, are you ready? Most aren’t and the penalties prove it. What triggers a customs audit ? 1. Random Selection Part of risk-based targeting systems to keep audits fair.  2. Red Flags Errors or inconsistencies in import declarations can raise alarms.  3. Industry Targeting   Customs focuses on industries with high fraud risks like electronics and pharma.  4. Prior Non-Compliance Past penalties or lack of response can trigger scrutiny.  5. **Related Party Transactions**   Intra-company deals face extra checks for pricing issues.  6. FTA Claims   Large claims for Free Trade Agreements may lead to reviews.  Common Mistakes That Trigger Penalties  - Misclassification  Customs uses data analytics to find errors. This can lead to a duty shortfall of up to three times.  - Undervaluation Transfer pricing reports can expose undervalued goods, resulting in fines and interest.  - FTA Misuse  Lack of origin support during claims can mean repayment of duties plus penalties.  - Poor Recordkeeping Random audits can catch missing documents, leading to fines.  - Misdeclared Dual-use Goods   These can lead to serious legal issues.  - Inconsistent Broker Instructions   Discrepancies can cause loss of benefits.  Preparation Best Practices - Assemble a Compliance Task Force    Include Trade Compliance, Finance, Logistics, and Legal teams.  - Review Historical Import Data Analyze reports from brokers and customs tools for the last 12 to 36 months.  - Validate HS Classifications  Cross-check with product specs and rulings.  - Review Valuation Methodology   Ensure all dutiable elements are included in declared values.  - Confirm Origin Documentation  Match each FTA claim with valid supplier declarations.  - Check Recordkeeping Protocol   Keep all documents accessible.  - Audit FTA Claims  Randomly select entries to trace back to source.  - Examine Related Party Transactions  Ensure customs values are based on fair market pricing.  - Spot Audit Broker Instructions  Pull recent declarations to check accuracy.  - Prepare a Compliance Report   Summarize risks and actions taken.  **Do's**  ✅ Designate a single point of contact for customs.   ✅ Be transparent but only provide requested information.   ✅ Keep an audit log of all communications.   ✅ Prepare an intro presentation outlining import processes.   ✅ Provide documents promptly and in order.  **Don'ts**  ❌ Don’t argue or blame other departments.   ❌ Don’t offer unsolicited documents.   ❌ Don’t allow unscheduled interviews with untrained staff.   ❌ Don’t say “we’ve always done it that way.”  **Post-Audit Actions**  Review findings with your broker or legal team.   Respond within the deadline to correct inaccuracies.   Implement corrective actions and document them.   Schedule a follow-up audit within six months.   Update SOPs and training based on findings.  

How do wage underpayments actually occur? It's very rare that they're deliberate. Usually they start with a small error that snowballs into thousands or millions of dollars. Often this is because the employer has no system in place to make sure they are paying people correctly. Let's take an aspect of the Commonwealth Bank Group's recent underpayment case as an example. The CBA's enterprise agreement (𝗘𝗔) allows employees to enter into individual flexibility arrangements (𝗜𝗙𝗔𝘀) that vary certain terms of the EA. All EAs and modern awards have these provisions. The employee has to be better off overall as a result of entering into the arrangement. It looks like CBA was offering a short-term incentive arrangement in exchange for employees agreeing to forgo certain benefits like allowances and overtime. The problem CBA ran into (or should I say, one of the problems) is that you can only enter into an IFA after a person has commenced employment. If you do it before this, the IFA will be invalid. CBA entered into IFAs with 2,694 people before they commenced employment. This meant that their IFAs were invalid and they should have been paid all of the benefits under the EA that they agreed to forgo. This amounted to total underpayments of $5,248,355. This is a common error that many employers make. It was a costly one for CBA. 𝗛𝗼𝘄 𝗰𝗼𝘂𝗹𝗱 𝘁𝗵𝗶𝘀 𝗵𝗮𝘃𝗲 𝗯𝗲𝗲𝗻 𝗽𝗿𝗲𝘃𝗲𝗻𝘁𝗲𝗱? Every employer needs to have a wage compliance plan in place. If CBA had one, it would have included a section on the use of IFAs. It would have assigned responsibility for compliance to the appropriate areas of this business. It might have looked something like this: 𝗟𝗲𝗴𝗮𝗹: • Ensuring that the use of IFAs complies with the IFA provisions in the EA; • drafting compliant IFA templates; • training HR on how to use IFAs, including how to apply the better off overall test; • conducting regular spot checks to ensure compliance. 𝗛𝗥: • Drafting IFAs using templates approved by legal; • ensuring that IFAs only amend permitted terms; • ensuring that each employee understands their IFA and genuinely agrees to it; • ensuring that each employee is better off overall as a result of entering into an IFA; • ongoing BOOT monitoring; • ensuring record keeping is compliant. 𝗣𝗮𝘆𝗿𝗼𝗹𝗹: • Providing calculations for the initial BOOT; • ongoing BOOT monitoring; • ensuring that each employee is paid per their IFA. 𝗗𝗶𝗿𝗲𝗰𝘁𝗼𝗿𝘀 𝗮𝗻𝗱 𝘀𝗲𝗻𝗶𝗼𝗿 𝗺𝗮𝗻𝗮𝗴𝗲𝗺𝗲𝗻𝘁: • Responsibility for the overall system and satisfying themselves that it is adequate to ensure employees are paid correctly. This obviously needs more detail and should be tailored to each workplace. But it gives you an idea of the systematic measures that need to be put in place to create and maintain a corporate culture of compliance, as required under the coming federal wage theft laws. #humanresources #management #employmentlaw #law Tobey Teneille Source

The following is not legal advice. If you work for a US-based company and your accessibility program is linked to a DEI program, you need to break that connection as quickly as possible. This would have sounded backward a year ago. For most of the last decade, linking accessibility to DEI was a best practice. It helped accessibility gain seats at tables and commitments it had never had access to before. That structural marriage is now a liability. Yesterday, the DOJ announced a $30M settlement with PayPal over what it called an "unlawful DEI investment program." The Acting Attorney General was explicit: the administration intends to "root out illegal DEI from every corner of corporate America." PayPal is not an isolated case. Anything labeled "DEI" now invites scrutiny. Accessibility is legally distinct. It's grounded in the ADA, Section 508, and the Rehab Act, none of which share the legal theories driving current DEI enforcement. But when accessibility lives inside a DEI org or is publicly described as a DEI or even inclusion initiative, you've blurred a line the law clearly draws and tied a compliance obligation to whichever way the political wind blows. What breaking the connection looks like: 1) Move accessibility reporting out of DEI. 2) Legal, Product, Engineering, or a standalone Chief Accessibility Officer are all defensible homes. 3) Rewrite internal and external descriptions to reference the ADA, WCAG, and Section 508, not "belonging" or "inclusion" frameworks. 4) Separate the budget line. 5) Track and report accessibility metrics independently. You don't have to abandon your values. However, you do have to protect your legally mandated program from enforcement aimed at something else. Accessibility predates DEI and will outlast it. Make that obvious on the org chart. https://lnkd.in/g3Db92wY #Accessibility #DigitalAccessibility #ADA #WCAG #Section508 #A11y #DEI #ChiefAccessibilityOfficer

𝗜𝘀 𝘆𝗼𝘂𝗿 𝗺𝗲𝗱𝗶𝗰𝗮𝗹 𝗱𝗲𝘃𝗶𝗰𝗲 𝗰𝗼𝗺𝗽𝗹𝗶𝗮𝗻𝘁 𝗼𝗿 𝗷𝘂𝘀𝘁 𝗽𝗹𝗮𝘆𝗶𝗻𝗴 𝗱𝗿𝗲𝘀𝘀𝘂𝗽? This is a common occurrence with self certified class I devices or those already on the market So, is your product truly compliant? Here’s how to ensure your device doesn’t just 'look' the part: 𝗨𝗻𝗱𝗲𝗿𝘀𝘁𝗮𝗻𝗱 𝘁𝗵𝗲 𝗖𝗼𝗿𝗲 𝗥𝗲𝗾𝘂𝗶𝗿𝗲𝗺𝗲𝗻𝘁𝘀: → It's not enough to skim through regulations ↳ Dive deep and comprehend what each requirement means for your specific product → Every device has unique needs; tailor your compliance strategy accordingly 𝗜𝗻𝘃𝗲𝘀𝘁 𝗶𝗻 𝗖𝗼𝗻𝘁𝗶𝗻𝘂𝗼𝘂𝘀 𝗘𝗱𝘂𝗰𝗮𝘁𝗶𝗼𝗻: → Regulations and guidance documents evolve ↳ What was compliant yesterday might not be tomorrow (MDD compliant does not mean that it will be MDR compliant) → Regular training sessions for your team can keep everyone informed and ready 𝗘𝗻𝗴𝗮𝗴𝗲 𝘄𝗶𝘁𝗵 𝗘𝘅𝗽𝗲𝗿𝘁𝘀 𝗘𝗮𝗿𝗹𝘆 → Don't wait until the last minute to consult a regulatory expert ↳ Early advice can prevent costly mistakes and delays → Remember, regulatory alignment should be a partnership, not a checkbox 𝗗𝗼𝗰𝘂𝗺𝗲𝗻𝘁 𝗘𝗩𝗘𝗥𝗬𝗧𝗛𝗜𝗡𝗚 → If it's not documented, it didn't happen ↳ Keep detailed records of your design, tests, and compliance checks → This isn't just about passing an audit – it's about ensuring consistent quality 𝗖𝗿𝗲𝗮𝘁𝗲 𝗮 𝗖𝘂𝗹𝘁𝘂𝗿𝗲 𝗼𝗳 𝗖𝗼𝗺𝗽𝗹𝗶𝗮𝗻𝗰𝗲 → Make regulatory alignment a part of your company ethos → When the whole team buys into the importance of regulations, compliance becomes second nature So, ask yourself: Is your device compliant or is it just dressed up for the part? What steps are you taking to ensure genuine compliance?

No one audits your fintech company until everyone does. So here are 6 things I’d review if I were scaling a fintech. At the beginning, everything works. • Your scrappy setup • Your one-size-fits-all contract • Your "we’ll deal with that later" mindset And in the early days, that’s fine. • You’re small • You’re fast • No one’s watching too closely But then you grow. • More users • More money • More visibility And that’s when things shift. • Regulators start paying attention • Investors ask harder questions • And the systems you built on Day 1 start to crack on Day 500 I’ve seen this pattern in fintech more than any other space. • Speed gets the spotlight • But structure builds the stage If you’re growing - good. But don’t let momentum blind you. The legal stuff you ignored at the start? It won’t ignore you later. So if you want to future-proof your legal foundation in fintech, here’s what I recommend: 1 // Schedule regular legal "Health Checks" • Review contracts, compliance policies, and data handling every 6–12 months • Don’t wait for a problem to do it • Involve legal counsel familiar with the fintech space to keep up with RBI, SEBI, and DPDP changes 2 // Upgrade your contracts proactively • Replace generic templates with sector-specific agreements • Make sure your terms with banks, partners, vendors, and users reflect your current scale, products, and risks 3 // Stay ahead of regulatory shifts • Monitor RBI, SEBI, DPDP updates • Subscribe to official circulars and advisories  • Adjust your systems before you get flagged Assign someone to own compliance and tracking if you haven’t already. 4 // Update your compliance & audit trail • Scale KYC, AML, and data localization compliance process with your user base • Maintain clear, audit-friendly documentation • Record every legal and compliance decision 5 // Train and communicate internally • Make sure your team understands the latest protocols • Train new and existing employees on privacy, fraud, and data handling • Communicate escalation paths clearly 6 // Build for scale, not just survival • Scrutiny increases with revenue. Investors and regulators expect compliance by design • Professionalize your documentation, adopt compliance tools, and formalize board oversight Don’t just build momentum - build resilience. • Schedule your next legal check-in • Update your contracts now, not later • Build a foundation ready for Day 500 and beyond Preparation is what keeps success from turning into a crisis. That’s the real foundation of lasting growth. --- ✍ Tell me below: Do you build for resilience?

🙏 Starting today, employers have a greater responsibility to prevent the sexual harassment of their staff. The new law, the Worker Protection (Amendment of Equality Act 2010) Act 2023, comes into effect today! Financial Conduct Authority - Per 1,000 employees in 2023 there were 7.2 incidents, compared with 4.2 incidents in 2021. This covers complaints ranging from sexual harassment and racism to bringing unwanted pets into the office. 1 / 4 of the incidents reported last year relate to bullying, while discrimination accounted for 25%. With the new law today: Employees: You have a legal right to a workplace free from sexual harassment. Employers: You need to take proactive steps to prevent harassment from happening in the first place. Tribunals will have the power to increase compensation by up to 25% if they find an employer has breached this duty. Here's what the CIPD suggests that employers do: 1. Review and update policies: Make sure your policies clearly define sexual harassment and outline how to report incidents. 2. Training: Educate all employees and managers about sexual harassment and your company's policies. 3. Reporting mechanisms: Create clear and accessible channels for employees to report harassment. 4. Investigate promptly: Take all reports seriously and investigate them thoroughly. 5. Leadership engagement: Senior leadership needs to be involved in creating a culture of respect and zero tolerance for harassment. 6. Monitoring and reviewing: Assess the gender diversity across the workforce at all levels and throughout the organisation e.g. recruitment and promotions. Another forward step! Anything else you'd add?

The Worker Protection Act is now in effect, and it’s a game-changer for businesses across the UK.   This Act, now requires companies to take proactive steps to prevent sexual harassment in the workplace. It’s about more than just compliance - it’s about setting a new standard for safety, respect, and dignity in the workplace.   INvolve - The Inclusion People’s research reveals just how needed change is. Of a survey of 1,000 women working within businesses with 250+ employees, we found that:   - More than half (55%) of women believe the women in their workplace are at risk of sexual harassment, and nearly one in ten (8%) said they feel the risk is ‘significant’ - Less than half (48%) think their employer has developed a clear sexual harassment policy - Nearly one in five (17%) of women said their workplace has not taken any actions to reduce the likelihood of sexual harassment in the workplace   These figures highlight a pressing issue: many businesses still lack the infrastructure to address and prevent harassment effectively. So, where do we go from here?   Here are three steps to start driving real change:   1️⃣ Review & Strengthen Policies: It’s time (rather it is overdue) for businesses to re-evaluate their existing policies and ensure they’re comprehensive and clear. Policies should explicitly define unacceptable behaviour, outline reporting processes, and ensure confidentiality for those who come forward. The system needs to be proactively created, and in line with the new Act, it needs to work too.   2️⃣ Mandatory Training for All Levels: Regular, in-depth training for every employee, from entry-level to C-suite, should focus on identifying, addressing, and preventing harassment, tailored to different roles and responsibilities within the company.   3️⃣ Anonymous / Confidential Reporting Channels: Create safe, anonymous channels where employees feel empowered to report issues without fear of retaliation. This gives everyone a clear, trusted avenue to raise concerns.   What else would you add? Let’s make a helpful list in the comments.   The Worker Protection Act is more than a mandate; it’s also an opportunity for businesses to take a closer look at their cultures, policies, and infrastructures. Are we fostering an environment where everyone feels safe, respected, and valued?   Senior leaders – it is vital that you drive this agenda from the top and ensure that the safety of your employees is a priority. What steps are you taking to demonstrate real accountability?   Let’s commit to making workplaces that truly uphold the highest standards of respect and inclusion. Get in touch with the team at INvolve to learn more about how we can support your organisation. More about our research and the Act in The Independent here: https://lnkd.in/edSPJ3Vv   #WorkerProtectionAct #SexualHarassmentPrevention #Business

How Banks Ensure Regulatory Compliance: Conducting Treasury Activities Regulatory compliance is a cornerstone of modern banking, ensuring financial institutions operate within legal frameworks. For banks, particularly in treasury activities, maintaining compliance is crucial to uphold trust, manage risk, and avoid significant penalties. Here is how banks ensure regulatory compliance in their treasury operations: Understanding Regulatory Requirements: Banks must have a comprehensive understanding of relevant regulations, including international directives and national rules. These cover capital adequacy, liquidity management, and risk assessment. Robust Internal Controls: Implementing robust internal controls is essential. Compliance departments monitor and enforce adherence to regulatory standards through regular audits and reviews of treasury activities. Effective Risk Management: Banks use risk management frameworks to identify, assess, and mitigate risks in their treasury operations. This includes market risk, credit risk, and operational risk, maintaining a conservative approach. Training and Education: Continuous training ensures staff are aware of regulatory changes and understand their roles in compliance. Specialised training for treasury staff focuses on specific compliance requirements. Technology and Automation: Advanced software solutions monitor transactions, manage data, and generate compliance reports. These tools detect potential compliance issues in real-time for prompt corrective actions. Regular Reporting and Documentation: Accurate and timely reporting to regulatory bodies is essential. Comprehensive documentation of all treasury activities ensures transparency and provides a clear audit trail. Engagement with Regulators: Proactive engagement with regulators keeps banks informed about upcoming regulatory changes and provides guidance on compliance matters, addressing issues before they escalate. Scenario Analysis and Stress Testing: Conducting scenario analysis and stress testing helps ensure compliance under various market conditions. Banks assess the impact on their treasury activities to ensure they can withstand adverse conditions. Ensuring regulatory compliance in treasury activities is a multi-faceted process requiring understanding regulations, implementing robust controls, managing risks, continuous education, leveraging technology, accurate reporting, engaging with regulators, and conducting scenario analysis. By prioritising compliance, banks navigate the complexities of the regulatory landscape, contributing to the stability and integrity of the financial system.

GDPR & PDPA Compliance Testing isn’t just a checkbox — it’s your user’s trust at stake. When you build software that collects personal data, your testing strategy needs a serious upgrade. It’s not only about catching bugs anymore — it’s about preventing legal trouble and protecting real people. Test every data flow: how it's collected, stored, shared, and even deleted. Validate consent. Review access controls. Simulate breach scenarios. Ask yourself: can a user really delete their data? Can they access it on demand? Make privacy a feature, not a footnote. Involve legal teams early and treat requirements like product features. And most importantly, don’t wait for a complaint to test what should’ve been tested from day one. Compliance is not a final step — it’s baked into every release. #GDPR #PDPA #QualityAssurance #DataPrivacy #SoftwareTesting #QACommunity

📢 Major Update in India’s Labour Laws – A New Era for Workers & Employers From 21 November 2025, the Government of India has implemented four major labour codes, reshaping the employment landscape across the country. ✅ What’s new All workers will now be entitled to minimum wages, irrespective of sector. Mandatory appointment letters for all employees — formalising employment relationships. Equal pay for equal work for women and formal inclusion of gig & platform workers. Social security benefits (PF/ESIC/insurance) extended more broadly, including fixed-term and contract workers. Free annual health check-ups mandated for workers above 40; stronger safety and working-condition norms. Simplified compliance: registration, licensing and returns via a more streamlined regime. 🎯 Why this matters For workers: More formal protection, transparency, and benefits. For employers: Clearer rules, uniform standards, and a modern regulatory framework. For the economy: A step toward formalising the workforce, boosting ease of doing business, and aligning with global standards. 📌 Key implications for organisations Review and update employment contracts, appointment letters, wage structures. Ensure social-security cover (PF/ESIC) is aligned with new norms for all categories of workers. Conduct workplace health & safety audits, and set up mechanisms for compliance with the new codes. Update HR policies especially for gig, fixed-term, contract, and women employees (night shift, etc.). Communicate changes to all employees to build trust and transparency