Your Complete HR Compliance Checklist

December 18, 2024・14 mins read

Table of contents

  • 1.How can I keep on track of compliance?
  • 2.Predictable compliance deadlines
  • 3.Employee-event driven compliance requirements
  • 4.Benefits and insurance-related reporting
  • 5.Form I-9 filing
  • 6.COBRA
  • 7.Summary of Benefits and Coverage (SBC)
  • 8.Premium Assistance Under Medicaid and CHIP
  • 9.Women’s Health and Cancer Rights Act Notice (WHCRA)
  • 10.Notice of Privacy Practices
  • 11.Minimize the risk of fines and watch lists
  • 12.General HR compliance tasks that need your attention
  • 13.Employee files
  • 14.Compliance posters
  • 15.Performance reviews
  • 16.Non-compete clauses
  • 17.Privacy training
  • 18.Sexual harassment prevention training
  • 19.Recruiting and hiring
  • 20. Make sure your business has:
  • 21.Review or update:
  • 22.Compensation, benefits, and payroll
  • 23.Pay
  • 24.Benefits
  • 25.Wage and hour reporting
  • 26.Pay transparency
  • 27.Company compliance
  • 28.Fair Labor Standards Act
  • 29.Equal Employment Opportunity Commission
  • 30.Family and Medical Leave Act
  • 31.Affordable Care Act
  • 32.Consolidated Omnibus Budget Reconciliation Act
  • 33.Unemployment Benefits
  • 34.Occupational Safety and Health Administration
  • 35.Triggered events
  • 36.Beyond the HR compliance checklist: FAQs
  • 37.TriNet makes compliance easy

Any business owner can tell you that keeping up with business operations and handling risk management is easier said than done. Wouldn’t it be great if there was a tool you could use to help keep track of critical data and dates organized in one place?

We’ve got your back! This HR Compliance Checklist, in conjunction with TriNet's Compliance Calendar, can help alleviate stress from your deadlines and keep you on track.

How can I keep on track of compliance?

It seems that regulations and laws can be moving targets when it comes to HR compliance. So how are you supposed to keep track of each function? Let’s start by dividing things into more manageable chunks.

Every HR department has requirements that can be sorted by:

  • Predictable or calendar-based compliance deadlines.
  • Employee or hire-dependent compliance deadlines that are more unpredictable.
  • Dynamic compliance deadlines that happen at the commencement of a leave of absence or separation.

When you break your compliance requirements into these 3 buckets, it can be easier to track what you need to care for and when you need to fulfill the requisite tasks. So let’s dive in.

Predictable compliance deadlines

There are certain compliance events you can count on every year. These items can be put on your calendar to make sure you meet specific deadlines. They can include:

  • Form W-2s to employees and the IRS – You must provide employees with this federal form demonstrating how much pay they earned, taxes that were deducted, and retirement benefits that were provided.
  • EEO-1 Reporting – If you have 100 or more employees, or at least 50 for federal contractors, you are required to file your company’s EEO-1 report with the EEOC. The deadline to file changes from year to year, sometimes by months.
  • Prior year’s OSHA report – You must post a summary of the prior year’s worksite injuries and Occupational Safety and Health Administration (OSHA)-related injuries and illnesses in a location where all employees can view it. Similarly, if you employ 250 or more employees (or 20-249 employees in a high-risk industry), you must file the OSHA form 300-A.
  • Affordable Care Act (ACA) reporting – If you are an applicable large employer (ALE) of 50 or more full-time equivalent employees, you must provide benefit-eligible employees with a Form 1095-C annually by March 2, and both Form 1094-C data and Form 1095-C to the IRS by March 31. If your medical plan is self-insured and your company is not an ALE, you must send the Form 1095-B to all benefits-eligible employees and both Form 1094-B data and Form 1095-B to the IRS annually.
  • M-1 Filing – Multiple Employer Welfare Agreements (MEWAs) that offer coverage for medical care for two or more employers must file the M-1 initially and annually.
  • PCORI reporting – If you offer your employees self-insured health care options, you must file Form 720 to meet the Patient-Centered Outcomes Research Institute Trust Fund (PCORI) requirements.
  • Medicare Part D notice – Employers that offer prescription drug coverage must provide an annual notice to employees to inform them whether coverage is creditable or non-creditable. The notice must be provided before October 15 each year.
  • Workplace posters and notices – Employers must post certain workplace posters and provide notices to their employees to notify them of their rights under applicable employment laws. Some of these notices must be distributed annually. As well, some posters change annually, such as those reflecting the applicable minimum wage in jurisdictions where that changes yearly. There are federal, state, and local posting and notice requirements as well as industry specific requirements.

These are not your only annual compliance requirements, but they are the ones with specified deadlines that you can generally count on every year.

Employee-event driven compliance requirements

It would be wonderful if we could just put reporting requirements on the calendar at the beginning of the year. Unfortunately, the nature of being in the business of people can prevent us from doing that. So let’s discuss some of the reporting that may need to be completed based on employee-driven events.

Benefits and insurance-related reporting

There are times when an insurance company will provide you with a medical loss ratio (MLR) for health insurance. When this occurs, the rebate must be handled in accordance with regulatory guidance. Companies that collect any health-related data on employees must notify the employees and provide the EEOC with related Wellness Program reporting.

There are more items you need to care for, including:

  • HIPAA requirements
  • National Medical Support Notices (NMSNs)
  • The Mental Health Parity and Addiction Equity Act (MHPAEA)
  • Summary Plan Descriptions (SPDs)
  • COBRA (Consolidated Omnibus Budget Reconciliation Act)
  • OSHA illness and injury reporting
  • Michelle’s Law, and more

For more information, you can access an extensive list of benefits-related requirements available in TriNet's HR Compliance eGuide.

Form I-9 filing

When a new employee joins your company, you must obtain verification of their eligibility to work in the U.S. within 3 days of their hire and retain those documents for at least 3 years, or at least 1 year after their termination.

COBRA

One of the basic requirements of COBRA is the requirement to provide an initial notice to covered employees. This notice communicates to plan participants their COBRA rights and obligations generally.

When an employee experiences a COBRA qualifying event, such as termination of employment, a COBRA election notice is required to be sent to the employee and covered dependents. The election notice contains information regarding their rights and obligations under COBRA.

Summary of Benefits and Coverage (SBC)

When changes are made to benefit plans, you have a limited amount of time to make changes to SBCs and notify the plan participants.

Premium Assistance Under Medicaid and CHIP

Employers must notify all benefits eligible employees of premium assistance that may be available in their states through Medicaid and the Children’s Health Insurance Program (CHIP).

Women’s Health and Cancer Rights Act Notice (WHCRA)

Group health plans must provide written notification to individuals of the coverage required by WHCRA upon enrollment and annually thereafter.

Notice of Privacy Practices

Plan participants must be provided with the Notice of Privacy Practices that describes how their medical information may be used and disclosed and how they can get access to this information.

Minimize the risk of fines and watch lists

When you take time to make sure you are fully in compliance with the applicable HR-related compliance requirements, you can keep your company running smoothly. You will also help your company demonstrate that you value your employees.

Small business owners and HR leaders are working hard to manage the people center of their company while also staying on top of compliance requirements and calendar-based deadlines. Whether you’re a growing startup or an established small business, your HR team needs systematic approaches to remain compliant. Use compliance calendars and checklists to pay attention to requirements and due dates like fixed, rolling, and dynamic deadlines at the local, state, and federal levels for compliance-related tasks.

Download TriNet's compliance calendar to get insights and review important deadlines and key dates to help you.

General HR compliance tasks that need your attention

Employee files

  • Make sure to create them and store them in a secure location and make them only accessible to those with a need-to-know to perform their jobs.
  • Include employee’s application, documents reflecting disciplinary history, and performance reviews.
  • Double check that sensitive personal documents, including drug test results, medical documents, or polygraph tests don’t live in general employee files. It’s a best practice to store them in secure confidential files.
  • Employee files need not be kept forever. Have a retention policy and disposition system in place where you properly destroy files based on their specific record retention requirements.

Compliance posters

Be sure to hang the U.S. Department of Labor’s mandatory posters and other required federal posters in a common area so they are clearly visible. Review state and local government sites for their specific requirements.

Performance reviews

Establish a performance review policy or review the one you have. If you’re still using an annual review, now may be the time to consider a more consistent and timely system of feedback.

Non-compete clauses

The rules on this issue are shifting. Many states are moving toward restricting or outright banning these agreements, particularly for low-wage workers, emphasizing the need for clear, reasonable restrictions that protect legitimate business interests without hindering employee mobility.

Human resources teams should stay informed about specific state laws.

Privacy training

Consider adopting organizational measures for the appropriate handling of personal data, including conducting annual training on data protection and applicable privacy laws (such as the General Data Protection Regulation, “GDPR,” or the California Consumer Privacy Act, “CCPA”), which may be necessary based on the specific organization’s legal requirements.

Sexual harassment prevention training

There are many locations that require regular sexual harassment prevention training as frequently as every year. At the time of this publication, California, Connecticut, Delaware, District of Columbia, Illinois (including Chicago-specific training), and New York State (including New York City-specific training) have requirements that training be delivered at certain intervals, sometimes more frequently to supervisors. Regardless of your company’s location, it is best practice to share your company’s policy prohibiting sexual harassment as well as conduct prevention training each year.

Recruiting and hiring

Make sure your business has:

  • Location-specific job applications that account for requirements such as ban the box laws.
  • Offer letter templates.
  • Form I-9 employment eligibility verification procedures. HR teams need to analyze and record employee verification documents, so keep these in a designated place. Certain government officials may request to inspect Form I-9, and when they do, employers must provide these documents within 3 business days.
  • Relevant non-competes, NDAs, invention disclosure, or intellectual property forms.
  • Practices that comply with wage transparency and pay equity requirements that ban employers from inquiring about salary history and/or even require them to disclose either the exact wage or wage range in job postings and to job applicants and existing employees. While there is no federal wage transparency requirement, there are many at the state level.
  • Wage Theft Prevention Act (WTPA) Notices to distribute to employees where required. WTPA notices are intended to help employees understand their paychecks by providing information on how much they are paid, when they are paid and other pay-related details. Notices are provided to covered employees at the time of hire and before certain pay changes.
  • Documented policies on Title VII, age discrimination, sexual harassment, ADA, and FMLA. It's good practice to include these in your employee handbook.

Review or update:

  • Verbiage on at-will employment
  • Where and how your company posts job ads to account for wage disclosure and transparency requirements
  • How to determine your target candidates
  • What your onboarding process looks like
  • Interviewing procedures, like who interviews and what questions to ask
  • How to manage references
  • Whether the wording on your applications is legal, particularly with regard to criminal history, age, and disability status.

Compensation, benefits, and payroll

Pay

Review your approach for structuring competitive pay. Factors like the multi-generational workforce and rise of the gig economy can make this tricky. Confirm your payroll structure and revisit the payroll technology you’re using. You should also be monitoring any changes in minimum wage legislation and adjusting as necessary.

Benefits

What are your benefit offerings? Consider:

  • Paid Time Off (PTO). Will you offer standard PTO or a flexible PTO policy? Are you in a location that has certain earned time off requirements such as paid sick and safe leave?
  • Additional benefits. Do you offer dental, vision, and life insurance and 401(k) retirement plan? Companies do not have to provide these, but most competitive employers do.
  • Mandatory benefits. Unemployment, workers' compensation (check your state’s specific laws), and if you have 50 or more full-time equivalent employees, health insurance coverage as well.

Wage and hour reporting

Some states have specific annual reporting requirements related to wages, such as reports showing wages broken down by job level, race and sex. These states include California, Illinois, and Massachusetts.

Pay transparency

There are relatively new laws that tackle pay disparities by providing employees with access to wage data and requiring employers to disclose wage ranges. As of 2024, states with pay transparency laws include: California, Colorado, Connecticut, Hawaii, Illinois, Maryland, Massachusetts, Nevada, New York, Rhode Island, and Washington. Some individual cities and counties have even passed their own legislation on the subject.

Company compliance

Check for compliance on the following requirements. Having an automated compliance system in place for your employment-related practices will help you pull this information more easily.

Fair Labor Standards Act

The FLSA requires compliance with minimum wage, overtime, and child labor laws and provides guidelines for classifying employees as exempt or nonexempt. Check that you have systems in place for correctly paying overtime wages and keeping track of employee hours.

Equal Employment Opportunity Commission

The EEOC requirements include:

  • Title VII of the Civil Rights Act. Bars discrimination on the basis of race, color, religion, sex, and national origin.
  • Title I of the Americans with Disabilities Act. Employers cannot discriminate “against qualified individuals with disabilities in job application procedures, hiring, firing, advancement, compensation, job training, and other terms, conditions, and privileges of employment.”
  • Age Discrimination Employment Act. Prohibits age discrimination against persons over 40.
  • Equal Pay Act. Requires equal pay for equal work for all sexes. Discrepancies are only permitted if they are “affirmative defenses” — and it is the employer's burden to prove that they apply.

Family and Medical Leave Act

The FMLA requires employers to provide 12 weeks of unpaid, job-protected leave for new parents, to care for their own serious health condition or that of loved ones, or for a number of other qualifying reasons.

Affordable Care Act

Under the ACA, employers with 50 or more full-time equivalent employees must offer medical coverage to employees. Make sure your employee handbook is up to date with healthcare information.

Consolidated Omnibus Budget Reconciliation Act

COBRA requires that employers with 20 or more employees offer healthcare continuation coverage following a “qualifying event” that results in a loss of benefits coverage. Double check that your COBRA policy is clearly communicated.

Unemployment Benefits

Employees who were separated through no fault of their own may be entitled to unemployment benefits, while those who caused their separation may not be eligible.

Occupational Safety and Health Administration

Check that you have all the proper security measures in place for OSHA. The requirements will largely depend on your business. For example, companies that have certain chemicals on the premises must have material safety data sheets on-site. Other considerations for your HR compliance checklist are to clearly communicate workplace hazards to employees and to have a documented emergency action plan in place.

Triggered events

Some compliance tasks are more accurately addressed on a case-by-case basis. Confirm your company compliance procedures for the following:

  • Injury at work
  • FMLA-related requests
  • Terminations
  • Certain non-FMLA leaves of absence
  • Sexual harassment training — (17 states require annual sexual harassment training for employees)
  • Change in employment status, like from contractor to employee, pay rate, or pay schedule

Beyond the HR compliance checklist: FAQs

What should I do if an employee reports a compliance issue?

Follow your organization's reporting procedures, investigate the claim promptly and confidentially, and document all steps taken. Once you've fully assessed the situation, take the appropriate rectifying action based on the findings.

How often should I conduct compliance training for employees?

Compliance training should be conducted regularly, typically annually, and should include updates when there are significant changes in laws or company policies.

How can I stay updated on changes in employment-related rules and requirements?

Subscribe to HR and legal newsletters, participate in professional organizations, attend relevant webinars, and consult with experts to stay informed about changes.

I'm still overwhelmed. Do you have any further compliance resources that can help?

HR compliance is a big challenge, especially for small and medium-size businesses. Check out this HR compliance survival guide, which can help further clarify the process.

TriNet makes compliance easy

While life might be a little easier with a comprehensive HR compliance checklist, there's no doubt that navigating compliance is still a complicated and time-consuming task.

Costly mistakes (or even noncompliance) can affect your company's bottom line. Fortunately, you and your team can rest assured knowing TriNet can help you stay up to date with HR-related rules and requirements.

We provide compliance support at many levels: Our administrative services organization (ASO) service and TriNet PEO, our professional employer organization solution.

With HR administration built directly into the platform, you can stay informed of important HR-related and key business dates and custom deadlines. If you're ready to let TriNet help you navigate compliance with confidence, reach out to a TriNet representative today.

This communication is for informational purposes only; it is not legal, tax or accounting advice; and is not an offer to sell, buy or procure insurance.

This article may contain hyperlinks to websites operated by parties other than TriNet. Such hyperlinks are provided for reference only. TriNet does not control such web sites and is not responsible for their content. Inclusion of such hyperlinks on TriNet.com does not necessarily imply any endorsement of the material on such websites or association with their operators.

TriNet Team

Best practices from our HR experts

ESAC Accreditation
We comply with all ESAC standards and maintain ESAC accreditation since 1995.
Certified PEO
A TriNet subsidiary is classified as a Certified Professional Employer Organization by the IRS.