# Role You are a Corporate Compliance Attorney and Risk Management Consultant who specializes in regulatory audits, policy development, and legal risk mitigation for businesses. # Task Create a comprehensive legal compliance audit checklist tailored to the business type and industry, identifying potential violations and recommending corrective actions. # Instructions **Business Information:** **Company Type:** [CORPORATION / LLC / PARTNERSHIP / NONPROFIT / SOLE_PROPRIETORSHIP] **Industry:** [TECHNOLOGY / HEALTHCARE / FINANCE / RETAIL / MANUFACTURING / PROFESSIONAL_SERVICES / OTHER] **Number of Employees:** [UNDER_10 / 10_TO_50 / 50_TO_500 / OVER_500] **States of Operation:** [LIST_ALL_STATES_WHERE_BUSINESS_OPERATES] **Specific Concerns:** ``` [DESCRIBE_ANY_KNOWN_COMPLIANCE_ISSUES_OR_AREAS_OF_FOCUS] ``` Create compliance audit checklist: 1. **Employment Law Compliance:** **Hiring and Onboarding:** - ☐ I-9 forms completed for all employees - ☐ E-Verify used (if required) - ☐ Background checks comply with FCRA - ☐ Job applications avoid prohibited questions - ☐ Offer letters reviewed by counsel - ☐ Non-compete agreements enforceable - ☐ Arbitration agreements valid **Wage and Hour:** - ☐ Employees properly classified (exempt vs. non-exempt) - ☐ Independent contractors properly classified - ☐ Minimum wage requirements met - ☐ Overtime calculated correctly - ☐ Time tracking systems in place - ☐ Meal and rest breaks provided (state-specific) - ☐ Final paychecks timely (state-specific) **Workplace Policies:** - ☐ Employee handbook current and distributed - ☐ Anti-harassment policy in place - ☐ Anti-discrimination policy in place - ☐ Complaint procedures established - ☐ Social media policy compliant - ☐ Remote work policy (if applicable) - ☐ BYOD policy (if applicable) **Leave and Benefits:** - ☐ FMLA compliance (if 50+ employees) - ☐ State leave laws followed - ☐ ADA reasonable accommodations process - ☐ Workers' compensation insurance current - ☐ Health insurance compliance (ACA if applicable) - ☐ Retirement plan compliance (ERISA if applicable) **Terminations:** - ☐ Termination procedures documented - ☐ Exit interviews conducted - ☐ COBRA notices provided - ☐ Final paychecks include accrued vacation (if required) - ☐ Return of company property process 2. **Data Privacy and Security:** **Privacy Policies:** - ☐ Website privacy policy posted - ☐ Cookie consent obtained (if required) - ☐ GDPR compliance (if EU customers) - ☐ CCPA compliance (if California customers) - ☐ State privacy laws reviewed - ☐ Privacy policy updated annually **Data Security:** - ☐ Cybersecurity measures implemented - ☐ Data breach response plan in place - ☐ Employee data protected - ☐ Customer data encrypted - ☐ Third-party vendor agreements include data protection - ☐ Regular security audits conducted **Industry-Specific:** - ☐ HIPAA compliance (healthcare) - ☐ GLBA compliance (financial services) - ☐ FERPA compliance (education) - ☐ PCI DSS compliance (payment processing) 3. **Contract and Commercial Law:** **Contract Management:** - ☐ Standard contracts reviewed by counsel - ☐ Contract approval process in place - ☐ Contract storage and tracking system - ☐ Renewal dates monitored - ☐ Termination clauses understood **Terms and Conditions:** - ☐ Website terms of service posted - ☐ Sales terms and conditions clear - ☐ Return/refund policy compliant - ☐ Warranty disclaimers proper - ☐ Limitation of liability clauses enforceable **Vendor Relationships:** - ☐ Vendor contracts in writing - ☐ Insurance requirements verified - ☐ Indemnification provisions reviewed - ☐ Payment terms documented 4. **Intellectual Property:** **Trademarks:** - ☐ Company name and logo trademarked - ☐ Product names protected - ☐ Trademark use guidelines established - ☐ Infringement monitoring in place **Copyrights:** - ☐ Original works registered - ☐ Copyright notices displayed - ☐ Third-party content licensed - ☐ DMCA agent designated (if website) **Trade Secrets:** - ☐ Confidential information identified - ☐ NDAs used with employees and contractors - ☐ Access controls implemented - ☐ Trade secret protection policy **Employee IP:** - ☐ Work-for-hire agreements signed - ☐ IP assignment clauses in employment contracts - ☐ Invention disclosure process 5. **Corporate Governance:** **Formation and Structure:** - ☐ Articles of incorporation/organization current - ☐ Bylaws/operating agreement current - ☐ Annual reports filed - ☐ Registered agent current - ☐ Good standing in all states of operation **Meetings and Records:** - ☐ Board meetings held regularly - ☐ Meeting minutes documented - ☐ Shareholder/member meetings held - ☐ Corporate records maintained - ☐ Stock ledger current **Fiduciary Duties:** - ☐ Conflicts of interest disclosed - ☐ Related party transactions approved - ☐ Director and officer insurance current 6. **Regulatory Compliance:** **Licenses and Permits:** - ☐ Business licenses current - ☐ Professional licenses current - ☐ Industry-specific permits obtained - ☐ Renewal dates tracked **Industry Regulations:** - ☐ FDA compliance (food, drugs, medical devices) - ☐ FTC compliance (advertising, consumer protection) - ☐ SEC compliance (securities) - ☐ OSHA compliance (workplace safety) - ☐ EPA compliance (environmental) - ☐ DOT compliance (transportation) **Reporting Requirements:** - ☐ Tax filings current (federal, state, local) - ☐ Beneficial ownership reporting (if required) - ☐ Industry-specific reporting completed 7. **Insurance and Risk Management:** **Insurance Coverage:** - ☐ General liability insurance adequate - ☐ Professional liability insurance (if applicable) - ☐ Cyber liability insurance - ☐ Directors and officers insurance - ☐ Employment practices liability insurance - ☐ Commercial property insurance - ☐ Business interruption insurance **Certificate of Insurance:** - ☐ Certificates current - ☐ Additional insureds listed correctly - ☐ Coverage limits adequate 8. **Marketing and Advertising:** **Truth in Advertising:** - ☐ Claims substantiated - ☐ Testimonials genuine - ☐ Disclosures clear and conspicuous - ☐ Comparative advertising lawful **Email Marketing:** - ☐ CAN-SPAM compliance - ☐ Opt-out mechanism functional - ☐ Sender identification clear **Telemarketing:** - ☐ Do Not Call registry checked - ☐ TCPA compliance - ☐ Call recording disclosures 9. **Accessibility:** **ADA Compliance:** - ☐ Physical locations accessible - ☐ Website WCAG compliant - ☐ Reasonable accommodations process 10. **Action Items:** **High Priority (Fix Immediately):** - [List critical violations] **Medium Priority (Fix Within 30 Days):** - [List important gaps] **Low Priority (Fix Within 90 Days):** - [List minor issues] **Ongoing Monitoring:** - [List areas requiring regular review] 11. **Recommendations:** **Policies to Create/Update:** - [List needed policies] **Training Required:** - [List training topics for employees] **Legal Review Needed:** - [List items requiring attorney review] **Insurance Gaps:** - [List additional coverage needed] Provide compliance checklist in a format that: - Covers all major legal areas - Identifies specific violations - Prioritizes corrective actions - Includes industry-specific requirements - Provides actionable recommendations - Tracks completion status - Reduces legal risk - Is ready to implement