Compliance-First! A Guide to Understanding Data, Privacy, Security, and Building a Workforce that Thinks Compliance-First

Small businesses struggle with compliance.

Small businesses make up 99.9% of businesses in the United States. They’re responsible for employing almost half of the working American population. They are a vital contributor to our local economies and an essential part of our communities. 

But small business ownership comes with its challenges—especially when it comes to compliance. The National Small Business Association found that 1 in 3 SBOs spend more than 80 hours on federal compliance-related tasks per year.

In fact, small businesses rank tax complexity the 7th biggest challenge they face each year.

SBOs spend too much time navigating the complexities of regulations and compliance, instead of focusing on business development, marketing efforts, and creating innovative products and services.

It’s obvious that small businesses don’t have the same resources to manage compliance that larger organizations do. But a recent report by the Ponemon Institute found the costs associated with noncompliance are 2.7 times the cost of compliance. This means small businesses can’t afford to ignore—or give little care to—compliance.

Compliance matters—a lot. 

Compliant businesses:

  • Signal a willingness to follow best practices
  • Prevent costly delays and onerous penalties
  • Reduce risk for legal action, cyberattacks, and harmful accidents

Building a compliance-focused company requires committing to the tools necessary to help your business stay in-the-know about changes and updates to legislation, technology, and overall best practices to streamline processes and reduce risk. 

Smart businesses are doing this by automating compliance tasks with the help of HR tech—and creating a culture of compliance by hiring the right people who are behaviorally-wired for the task at hand.

How small businesses benefit from remaining compliant

Compliance is about reducing risk. 

In the business context, compliance means complex and oft-changing regulatory requirements that span multiple governing bodies on the local, state, federal, and international levels.

There are compliance rules for nearly every function of the business. HR compliance includes employment laws like:

  • The Fair Labor Standards Act, which establishes minimum wage, overtime pay, recordkeeping, and employment standards 
  • OSHA, which regulates workplace safety
  • General Data Protection Regulation (GDPR) and the newly enacted California Consumer Protection Act (CCPA), which enforce data protection laws

Compliance keeps your workers safe, your customers secure, and your bottom line protected. In other words, compliance reduces risk.

Compliance is about avoiding costly penalties.

Remaining compliant helps your company avoid the administrative and financial burdens wrought by noncompliance—so you can focus on growing your business. 

Take California’s newly passed AB-5, for example. Small businesses that understand the intricacies of this law can confidently engage freelancers and hire contract workers. Businesses that misclassify workers face hefty fines that range from $5,000 to $20,000.

Compliance is about staying free from cyberattacks.

Teams that remain in compliance with company data security policy and legal privacy regulations are less likely targets for cyberattacks—a necessity considering 88% of SBOs feel their business is vulnerable to cyberattacks.

Compliance is a strategic differentiator. 

Another consideration smart businesses are making is rethinking compliance as a strategic differentiator. After years of questionable data practices in tech, reports of worker exploitation in some Fortune 100 warehouses, and the predatory lending that caused the housing market collapse, consumers are demanding more brand accountability. 

Businesses that are committed to making ethical operational decisions and remaining in compliance avoid costly mistakes that could result in financial ruin. 

Compliance matters because it:

  • Protects your business from legal issues: Being compliant mitigates the possibility of legal issues, such as civil lawsuits, wage theft, and patient or consumer privacy violations. 
  • Keeps you in-line with best practices: Following compliance rules and regulations keeps your business at the forefront of best practices on everything from employee safety to consumer data privacy. 
  • Safeguards your reputation: Remain compliant across your business to prevent potentially ruinous accidents, breaches, or legal action.
  • Saves you money: The average cost of each noncompliance citation is $30,651, but the real cost is much higher when you consider business disruption, lost productivity, and legal fees.

What does your small business stand to lose if you aren’t thinking about compliance? 

Simply put, a lot. 

Burdensome fees and costly penalties are just the tip of the iceberg. The larger impact is lost productivity and revenue, reputation damage, and possibly unrecoverable damage that could even close your business down. 

What are the risks of noncompliance?

  1. Fines, penalties, and legal action: Businesses risk fines and penalties for being out of compliance with a number of requirements like OSHA, GDPR, and required ACA reporting. For small businesses that do manage to escape without fines, the money (and time) spent fighting violations add up quickly.
  2. Damaged reputation: Consumers are more distrustful of companies big and small than ever before—so much so that damage to your reputation is now considered a major strategic risk. Businesses work hard to earn and keep consumers’ trust. Remaining compliant is a good first step in that direction. 
  3. Inability to deliver goods and services: Being out of compliance can mean setbacks in getting your products out there. Products can be recalled, held up at borders, or otherwise interrupted leading to lost revenue. 
  4. Wasted resources: Remaining in compliance requires time and attention, but dealing with noncompliance is even more taxing. Businesses face lost productivity, missed opportunities for growth, and the general headache of dealing with compliance violations, penalties, or lawsuits. 
  5. Loss of access to capital and funding: Companies that are out of good standing have a harder time securing funding. Venture capitalists are less likely to invest and banks are more hesitant to lend. 

What does this mean for small businesses?

Low manpower and manual processes create big-time risk.

Small businesses often lack the human resources manpower to sufficiently manage compliance. They’re unlikely to have a compliance officer or chief risk officer, and some don’t have HR departments at all. This means the responsibilities are left to the owner, who is trying to run the company while staying knowledgeable about regulatory requirements. It’s common for compliance-related tasks to end up in spreadsheets, emails, and documents—but these manual processes create big-time risk. 

Costs lead SBOs to do compliance on their own—with mixed results.

Staying on top of the internal and external patchwork of compliance regulations is confusing. But procuring outside advice from compliance attorneys and consultants is expensive. Analysts estimate American businesses will spend $2.8 billion each year complying with IRS tax filing requirements, or 1.3 million full-time workers doing nothing but tax return paperwork for business filing for a year. SBOs are forced to handle compliance themselves—in spite of their lack of expertise. When it comes to fines for non-compliance, lack of knowledge or resources is neither a waiver nor an excuse. 

Until recently compliance tools have been out of reach for SBOs.

Automating compliance tasks is a smart move, but most HR tech is designed for enterprises. Up until recently, small- and medium-sized businesses were forced to choose the “enterprise-lite” packages, which didn’t address the challenges and needs of their unique operations and business models. It’s important for SBOs to address compliance requirements in the context of their own specific business ecosystem. Zenefits is an HRIS specifically built for small- and mid-size businesses, finally giving smaller firms compliance confidence at a fraction of the costs.

What smart SBOs are doing to build a Compliance-First! business

They’re using the right compliance technology.

Smart SBOs are offloading the responsibility of remembering regulatory deadlines, staying abreast of legislative changes, and keeping track of employee compliance status to HR technology companies who manage compliance. 

Without a central database to handle all the compliance-related tasks, things are liable to fall through the cracks. HR tech gives SBOs a central hub to manage compliance. This helps avoid juggling compliance-related tasks between emails, spreadsheets, and documents. Also, technology handles the completion of many compliance steps—like filling out and submitting 1094-C forms—automatically. It makes compliance a breeze.

Zenefits automates reporting, flags pertinent legislative changes or potential risks, files your payroll taxes for you, and guides you through many of the steps you need to take to complete each compliance task. Think Turbo-Tax® for business compliance.

They’re focusing on company culture.

Even with a fully-staffed compliance team and the right tech in place, companies need compliance to be baked into the culture. This culture of ethics and responsibility around compliance should emanate from the top down and be enforced by employees at every level. To accomplish this, you must be intentional in the way you design your culture.

Design your culture to promote and reinforce the employee behaviors you wish to see. Start by creating—or revamping—your core values. Whereas a company that’s focused on innovation might prioritize core values like action and drive, a company that’s focused on increasing compliance might choose responsibility, accountability, or safety.

Once you’ve chosen your core values, communicate them openly and often. Make sure they’re easy for employees to remember and referenced and rewarded throughout your business.

Leaders can reward employees who embody and practice the organization’s core values through positive praise, monetary awards, and promotions. Rewards encourage greater adoption of those values.

They’re showing employees how they affect compliance outcomes.

In 2019, The Predictive Index released its annual Employee Engagement Report. According to the employees surveyed, the No. 1 driver of engagement is “The senior leadership of my organization has communicated a vision of the future that motivates me.” But in addition to creating that vision, senior leaders must show each individual employee how the work they do helps to make that vision a reality. It’s all about making day-to-day work feel meaningful.

If you seek to create a Compliance-First! business, you need to get employees excited about achieving the goal of compliance. When making changes or modifying procedures, be sure to explain the why. Draw connections between how they’ll be helping the company achieve its compliance goal. When you maintain compliance for the year, celebrate! Be sure to offer your sincere thanks, and reinforce the concept that each person played a role.

They’re hiring with compliance in mind.

The 2020 State of Talent Optimization Report found that just 49% of last year’s hires were good, according to 600 executives. 

The same executive panel also named the No. 1 reason employees are fired: They lack the right behavioral make-up for the job. 

Smart business owners who seek to build a Compliance-First! business are looking beyond the resume when it comes to hiring. They’re screening candidates for personality and values in addition to traditional data points like experience, education, and hard skills.

When you’re building a Compliance-First! company, you need to be able to trust that your employees will refrain from taking dangerous risks—and that they’ll escalate potentially jeopardizing situations. You also need to trust their moral judgment. 

The more candidate data points you can collect, the better you’ll be able to predict how well they’ll fit the role and your culture. 

How to hire employees who are wired for compliance

Predicting how candidates will behave at work

As a small business owner you might lack the resources to hire an in-house compliance officer. But if you’re hiring to fill an open role—like bookkeeper or business operations manager—consider whether that individual could help you with compliance.

The behavioral traits that make someone a natural fit for these roles are the same traits that map to maintaining compliance: risk-averse, analytical, deliberate, anticipates problems, appreciates rules and regulations.

When hiring for one of these roles—or a similar role—be sure to examine candidates’ behavioral drives. Again, you’re looking for people who are wired for compliance. 

Look beyond the briefcase and examine the whole person.

A mistake too many business owners make is hiring based on a resume and references alone. A smarter approach to hiring is to collect multiple candidate data points: resume, references, behavioral data, and cognitive data. We call this examining the whole person—the head, heart, and briefcase. When you examine the whole person, you add rigor to your hiring process—and you’re better able to predict candidate job fit.

Step one: The first step in examining the “whole person” is defining which behavioral traits a person would need to be successful in a given role. 

Let’s say you’re hiring a controller to oversee your accounting department. What behaviors would a top-performing controller need? They’d need strong organizational skills, close attention to details, trustworthiness, excellent communication skills, collaborativeness, and the ability to synthesize information. They’d also need to be risk-averse, analytical, and able to anticipate problems.

With the PI Hire solution, you can set a Job Target for any open role. The platform walks you through pinpointing must-have behaviors. Or you can benefit from the old adage “There’s wisdom in a crowd.” Over the past 60+ years, hiring managers have been using PI to set Job Targets—and all that data is stored and ready for you to retrieve.

The platform will also walk you through setting a cognitive target for each role.

Step two: After you’ve identified the behavioral traits and cognitive ability a person would need to succeed in a role, it’s time to measure your candidates’ behavioral and cognitive data.  

Ask each candidate to take a behavioral assessment and a cognitive assessment. If you’re a PI client, you can administer both assessments with the touch of a button. The platform integrates with many HR platforms.

Step three: Evaluate candidates against the Job Target. To do this manually, you could use an Excel sheet or even a Google Doc. Using an AI solution you can also stack rank applicants according to match score, which factors in both behavioral and cognitive match. This decreases both time spent sifting through applications and unconscious bias. (Rather than judging someone on which college they attended—a factor that’s affected by socioeconomic factors—you can evaluate them on personality fit. This levels the playing field and opens you up to hiring a more diverse workforce.)

Step four: Ask structured interview questions based on each candidate’s behavioral profile in relation to the Job Target. This helps you probe into gaps and confirm fit.

Probing into gaps: Let’s say the role calls for someone to be extremely detail-oriented. You have a candidate who seems great—except that they’re only moderately detail-oriented. Will this be an issue? Ask specific questions to understand if the candidate can stretch beyond their comfort zone in this area. You can do this by asking them to tell you about a specific situation when they had to pay close attention to detail. What was the situation? How did they handle it? What were the results?

Confirming fit: Let’s say the role calls for someone who’s moderately dominant. On paper, they come back as moderately dominant. Ask questions to confirm fit.

If you’re a PI client, the platform provides structured interview questions specific to the candidate’s behavioral pattern and the role they’re applying to. 

Keep this in mind when evaluating behavioral fit

Behavioral fit—and behavioral assessments—should not be used as a pass/fail tool. Behavioral fit is one candidate data point to collect and assess as part of examining the whole person. Why? Because while a behavioral assessment is predictive of on-the-job performance, a person could excel in a role regardless of their personality or behavioral pattern if they had the ambition and drive to develop the necessary soft skills.

Screening candidates for culture fit

In addition to thinking about which behavioral traits a candidate would need to do their job, also pinpoint the traits they would need to thrive in your culture—and screen for culture fit. 

As mentioned previously, when building a business that thinks Compliance-First!, you can prioritize core values like responsibility, accountability, or safety. When screening candidates, ask questions to suss out whether the person is likely to be responsible, accountable, and safe at work. 

For instance, PI encourages employees to interview candidates for culture fit. They meet one-on-one with each candidate during the in-person interview for 30 minutes. This layer of screening further improves the likelihood of hiring people who are a great fit. 

Looking again to the 2019 Employee Engagement Report, another top factor that drives employee engagement is “Our organization is stronger because of our culture.” The more you can actively build a culture of compliance—and hire new employees who feel in sync with that type of culture—the more engaged (and productive!) your people will be.

How candidate screening will vary depending on role

Let’s say you’re hiring a sales rep who makes outbound calls all day. In terms of job fit, you’d be looking for someone who’s highly confident, bounces back quickly from rejection, and has enough patience to do repetitive work. In terms of culture fit, you’d want to ensure they have integrity and good moral judgment—and that they’d work in a responsible and safe manner.

If you were hiring an accountant, on the other hand, you’d look for opposite behaviors to ensure job fit: organized, risk-averse, precise. But the culture fit behaviors would remain the same. 

In other words, when building a Compliance-First! workforce, you’ll be screening some candidates for compliance-adjacent behaviors, depending on the role. But you’ll be screening all candidates for values, regardless of the role. 


As a small business leader, it’s natural to feel overwhelmed at the thought of compliance. But with free educational resources and the right technology to support your efforts, it’s possible to maintain compliance—even on a budget. 
