M E M O R A N D U M. The proposed resolution approves the adoption of a compliance program for the State University of New York.

Transcription

1 Board Resolution -1- November 15, 2018 M E M O R A N D U M November 15, 2018 TO: FROM: SUBJECT: Members of the Board of Trustees Kristina Johnson, Chancellor Adoption of a Compliance Program Action Requested The proposed resolution approves the adoption of a compliance program for the State University of New York. Resolution I recommend that the Board of Trustees adopt the following resolution: Whereas the State University of New York is subject to a number of federal and state laws, rules and regulations; accreditation standards; and stipulations outlined in various sponsored research grants; and Whereas SUNY is committed to implementing and utilizing a compliance program for identifying, assessing, and managing risks and opportunities to effectuate the achievement of SUNY s compliance goals and objectives; and Whereas the adoption of a compliance program will be an integral component of SUNY s existing formalized enterprise risk management program; now, therefore, be it Resolved that the document entitled Compliance Program dated November 15, 2018, be and hereby is, adopted as University policy with respect to compliance; and, be it further

2 Board Resolution -2- November 15, 2018 Background Resolved that the Chancellor, or designee, be and hereby is authorized to develop and issue, as may be necessary from time to time, compliance guidance consistent with the Compliance Program, which shall be supplemental to any legal advisories issued by SUNY s Office of General Counsel. SUNY is a large, diverse, and complex institution that is subject to a number of laws, rules, regulations, and standards. As such, SUNY must seek to ensure compliance with these requirements in pursuit of meeting its goals and objectives. The Compliance Program will incorporate a systematic, organization-wide approach for identifying, assessing, and managing the risks to achieving compliance objectives. Correctly implemented, the Compliance Program can help to ensure that SUNY adheres to the requirements set forth in the various laws, rules, regulations and standards that govern the higher education, research and healthcare industries. Furthermore, the Compliance Program will help support an ethical and compliant culture and behavior, maintain accountability, and provide a formal mechanism for the reporting and investigation of noncompliance, as well as enhancing collaboration and communication throughout the University. Key components of SUNY s Compliance Program include the appointment of a Compliance Officer and Compliance Coordinator; assisting the ERM Program in the coordination of risk, internal controls, and compliance matters; facilitating the sharing and communication of information relating to legal requirements; providing direction on compliance related matters; supporting the education and training of individuals throughout the University on the importance of compliance processes and procedures; holding the organization accountable for integrity and compliant behavior; consolidating the reporting of compliance monitoring activities; evaluating the overall effectiveness of the Compliance Program; and providing periodic reports of compliance activities to the Audit Committee of the Board of Trustees. Due to the volatility of the laws, rules and regulations in the higher education, healthcare and research industries, this Resolution authorizes the Chancellor, or designee, in consultation with the Audit Committee, to develop and issue, as may be necessary from time to time, supplemental compliance guidance consistent with SUNY s Compliance Program.

3 The linked image cannot be displayed. The file may have been moved, renamed, or deleted. Verify that the link points to the correct file and location. Category: Audit Financial Legal and Compliance Policy Title: Compliance Program Document Number: XXXX Effective Date: November 15, 2018 Responsible Office: University Controller Table of Contents Summary Policy Definitions Other Related Information Procedures Forms Authority History Appendices This policy item applies to: State-Operated Campuses Summary It is the Policy of the State University of New York (University) to undertake its best efforts to comply with all State and federal laws, rules, regulations, standards, and obligations governing its operations consistent with the highest standards of business and professional ethics and the University s reputation for integrity and excellence. Given the highly complex structure and operations of the University, the Compliance Program is designed to address and promote greater coordination and consistency among individual campus compliance programs, which cover a large number of compliance areas, including higher education, research, healthcare, human resources, information technology, and athletics, among others. The compliance program outlines institutional infrastructures and processes necessary to prevent, as well as detect, mitigate, and remediate, instances of noncompliance and assigns responsibility for the development of those infrastructures, the implementation of those processes, and the ongoing assessment and oversight of the program itself. Policy I. Purpose It is the objective of the Compliance Program to implement and maintain a systematic organization-wide approach for identifying, assessing, and managing risks to achieving

4 compliance objectives; developing and maintaining adequate processes to help ensure adherence to applicable laws, rules, regulations, policies and procedures; and preserving its reputation for integrity and excellence. To meet these objectives, the University has developed a Compliance Program that structures compliance obligations and proactively mitigates the risks to fulfilling these obligations in a consistent manner. The Compliance Program is a key component of the University s Enterprise Risk Management (ERM) Program, and will specifically: Establish a cohesive structure for compliance Communicate the University s commitment to compliance and expectations of the University employees with regard to compliant behavior Promote ethical and compliant culture and behaviors Facilitate the sharing of compliance information Provide direction and guidance on compliance matters Support the education and training of individuals throughout the University on the importance of compliance processes and procedures, as well as keeping up with changing regulatory environments Hold the organization accountable for compliant behavior and integrity Consolidate the reporting of compliance monitoring activities from across the University Evaluate and determine the overall effectiveness of the University s Compliance Program II. Requirements The Compliance Program is designed to facilitate the sharing of information to inform the University s functional areas of the laws, rules, and regulations relevant to their operations; educate the University community on the importance of complying with the requirements set forth in these regulations; monitor activities to determine whether the requirements are being satisfied; and evaluate the overall effectiveness of the Compliance Program. Furthermore, the Compliance Program serves as a means of helping to enforce accountability and to further promote ethical behavior and integrity. As a key component of the ERM Program, the Compliance Program is also designed to assist in identifying and assessing the risks to the University so that its compliance objectives can be met. This function will operate in collaboration with the compliance program of the SUNY Research Foundation. III. Design The Audit Committee of the Board of Trustees has oversight of the ERM Program, which includes the Compliance Program as one of its key components. The design, implementation, and operation of the program is included as part of the ERM Steering Committee s oversight, with the day-to-day responsibilities of executing the program delegated to the Compliance Officer.

5 The Compliance Program incorporates the nationally recognized framework set forth in the United States Federal Sentencing Guidelines. The key elements of the Compliance Program include: Written Policies and Procedures Compliance Program Oversight Training and Education Communication, Reporting and Investigation Auditing and Monitoring Enforcement of Compliance Standards Response and Prevention Risk Assessment Definitions There are no definitions relevant to this policy. Other Related Information US Federal Sentencing Guidelines for Organizations SUNY Policy, Enterprise Risk Management Program, Document No Procedures There are numerous policies and procedures that contain compliance-related components relating to the specified area. Forms There are no forms relevant to this policy. Authority State University of New York Board of Trustee Resolution, No History

6 June 16, 2015, Board of Trustee Resolution No , Adoption of an Enterprise Risk Management Program Appendices There are no appendices relevant to this policy.