Compliance 101

What is compliance?

Compliance is a willingness to follow a prescribed course of action, i.e. laws and regulations.  In our University setting, compliance is not primarily about policing people’s behavior; it is about understanding which laws apply to U-M’s activities and making sure we meet them.

Since U-M engages in almost every activity imaginable, the number and scope of laws that apply is extensive – which makes understanding them (and complying with them) a challenging endeavor. Read more about the kinds of laws that U-M must comply with…

Who is responsible for compliance at U-M?

Compliance at U-M is a job done by many people.  Teams of compliance topic experts and legal experts help to facilitate compliance with the range of obligations we face, and managers oversee compliance in the areas under their purview.  But ultimately, compliance is the responsibility of every U-M employee – we are each responsible for making sure our U-M activities comply with any applicable regulatory requirements.

What is a comprehensive compliance program?

A comprehensive compliance program takes a big-picture view of compliance by the University, as a whole, with its wide array of legislative and regulatory obligations. Our existing compliance infrastructure tends to focus on compliance in individual subject areas – such as human and animal subjects research, occupational safety, athletics, immigration and tax. But in practice, most U-M activities intersect with many different compliance topics. Taking a step back to ask what compliance obligations arise operationally across U-M (that is, in connection with a set of activities or the operations of a U-M unit) is a perspective that a comprehensive compliance program can introduce, to supplement and complement the subject-based compliance expertise that U-M already possesses. Read more about this initiative at U-M… 

Why do we need an institutional approach to compliance?

U-M operates in an increasingly complex regulatory environment, which requires us to emphasize and monitor accountability and legal and ethical obligations.  Outside regulators and funding bodies are increasingly requiring the University to have an institutional system or framework in place to provide assurance that U-M understands what its obligations are, and strives to meet them. Without disrupting the autonomous and successful operations of its parts, U-M needs to be able to substantiate, in a systematic way, that it is both exercising due diligence to prevent and detect non-compliant conduct, and striving to build a culture that encourages ethical conduct and compliance with the law.

Our comprehensive compliance initiative, centered around this website, was developed to meet these external demands, by mapping U-M’s compliance obligations and framework in a consolidated, coordinated and streamlined way – but in a way that is suited to U-M’s unique nature, structure and style.

What kinds of laws must U-M comply with?

The legal and regulatory standards U-M must follow take different forms – and what form the law takes will affect how we actually comply with it, as well as how we go about monitoring or ensuring our compliance with it.  Some of the different forms that laws take are:

  • Affirmative duties: “you must…”
    For example – a duty to report to a regulatory body, or to ensure workplace safety.
  • Prohibitions: “you must not…”
    For example – a prohibition against fraud, or a prohibition against conflicts of interest.
  • Activities subject to license, permit or conditions: “you must not unless…”
    For example – driving a car, practicing medicine, or doing controlled substances research.

As well as taking different forms, legislative and regulatory obligations apply to U-M for various reasons, related to who we are and what we do.  Some of the reasons laws may apply to us are:

  • Because we are a government entity
    For example – the Freedom of Information Act.
  • Because we are a higher education provider
    For example – the Higher Education Opportunity Act, or FERPA.
  • Because we are an employer and a corporate entity
    For example – tax laws, OSHA, affirmative action and equal opportunity laws
  • Because we engage in certain activities
    For example – human subjects research, athletics, patient care

Some laws apply to the whole University, or very large subsets of the University (e.g., copyright, employment laws, research ethics requirements). Other laws apply only to smaller subsets of the University, based on their specific operations (e.g., licensing laws specific to a profession, or laws regulating the taking of fish which would only apply to people engaging in related research). Some laws are widely known about, and generally understood – such as OSHA, anti-discrimination laws, and FERPA.  Other laws are less visible to the U-M community, and may only be known about by a handful of employees working in a specific field.

Regardless of how widely a law applies or how well known it is, every law that impacts on the activities of individuals at U-M raises obligations that U-M, as an institution, is responsible for. This means that every individual working at U-M needs to take individual responsibility for ensuring that U-M is complying with laws and regulations.

Want to learn more about the laws that govern U-M’s activities? Start exploring the Compliance Resource Center. Browse the compliance topic areas, or browse the operations and activities library.

Established 3/4/11, last updated 3/7/17 – Contact us if you believe any information is incorrect or outdated