Ryan Meade
Editor-in-Chief
Director of Regulatory Compliance Studies at Loyola University Chicago School of Law
Today we are launching the blog of the Loyola University Chicago Journal of Regulatory Compliance. In this space we will publish news alerts, brief commentaries, and short essays on regulatory compliance.
Our journal title immediately begs the question, “what is compliance?” And a further question, “why regulatory compliance?”
Taking the first question first, compliance on its face involves conforming to a rule or standard. In the law, compliance purports to be conformance to law or those rules which have the force of law. The challenge in complying with the law today is figuring out what the law is. There are many rules and expectations which are not set out in the style we usually associate with law (i.e., a codified command of the legislator). For example, in the field of health care, much of the legal requirements an organization must follow are not statutes or formal regulations, but take the form of agency determinations, manuals, guidances, and a host of other sub-law regulatory proscriptions. This is why the type of compliance we are concerned about in the Journal and on this blog is “regulatory.”
By “regulatory,” we mean the entire array of commands, rules, orders, and standards with which a person or entity is expected to conform. We do not mean merely statutes set out in the United States Code or formal regulations promulgated in the Code of Federal Regulations. Law in the United States has, for better or worse, moved beyond these two traditional vehicles when establishing an individual or entity’s obligation.
“Regulatory” also by no means refers only to a push down of obligation from the state. “Regulatory” can also mean the voluntary adoption of policies that set the organization’s expectations for itself higher than the law (whatever that may be) requires. Regulatory compliance can also connote conformance to negotiated standards. Negotiated standards are very common today in deferred prosecution agreements, corporate integrity agreements, and other type of settlements with federal or State departments.
So that is “regulatory compliance” — conforming to everything which an actor must conform to. Why the actor must conform is diffuse and heterodox. Compliance may be due to a fiat command, or because an action is prudent for managing risk of appearance of non-conformance, or the result of someone’s voluntary agreement to conform to higher standards.
The Journal and this blog have at least three over-arching themes. (1) An ongoing exploration of what compliance means, both broadly for all regulated actors, and more specifically within certain industries. (2) Dissemination of information about the “regulations” to which actors must conform, particularly the unfolding of new regulations which is not a weekly occurrence but a daily happening. (3) Service as a resource on how regulated actors manage their regulatory risk.
This latter theme involves “compliance programs,” which are ways entities organize themselves to manage regulations. The goal of a compliance program is no mean feat. Nothing could be more useless to an organization than a policy that says “follow the law.” An organization’s workforce must know about the law before it can be held accountable for following it. Compliance programs educate the workforce on regulatory obligations, adopt policies that set the regulatory obligations in the context of the organization’s business practices, audit the organization to assess whether the entity is complying, and guide the organization in corrective actions when non-compliance is identified.
Running around in the background of compliance programs is a question that haunts all compliance officers: which regulations should the organization be trained on and audited against? There are simply too many regulations for the compliance program to address them all. Most organized economic sectors in the United States (e.g., health care, banking, transportation, education, manufacturing) operate in a field of hundreds of thousands of pages of government regulations. Most of these regulations are never enforced, but all could be enforced. How to prioritize? We will be exploring that.
The world, and most certainly the United States, is awash in rules and regulations. Regulations in their various stripes are necessary for civil society to function. I must have some standard by which I relate to you or you and I will not have a relationship. A society without relationships is not a society. A society without rules is not a society. But a decalogue of basic rules doesn’t cut it these days. The rules a person must conform to seem to be as plentiful as radio waves but how do we sort through all of these to achieve compliance? It is likely that our more speculative postings will wonder aloud whether it is even possible to “be in compliance.”
On these pages we will address both speculative and practical regulatory compliance matters. We cannot cover everything, just as no organization can have policies on every regulation. But we hope to advance the discussion of the themes to benefit our readers and hasten a better understanding how to manage a world of rules.
Ryan Meade is Director of Regulatory Compliance Studies at Loyola University Chicago School of Law where he oversees the compliance curriculum for the JD, MJ, and LLM programs. He teaches a variety of compliance and regulatory-related courses as well as serving as an MJ and LLM thesis advisor for students concentrating in compliance, administrative, and health care law. He serves as the Editor-in-Chief of the Loyola University Chicago Journal of Regulatory Compliance.