Tufts University Logo SITE_NAME

Search  GO >

this site tufts.edu people

Institutional Compliance

What is Institutional Compliance?

Institutional Compliance comprises activities that support coordination, management, and monitoring of the risks associated with federal, state, and local laws and regulations. While Tufts has individuals responsible for monitoring compliance with specific laws and regulations in various areas of operations, Institutional Compliance comprises the collective university activities that help to ensure all significant compliance risks are addressed and effectively managed. Institutional Compliance activities promote a culture of compliance and ethics consistent with Tufts’ Business Conduct Policy.

What are the typical Institutional Compliance activities?

  • Identifying the infrastructure needed to support various areas of regulatory compliance
  • Providing required compliance education and training
  • Helping to interpret required compliance with specific areas of regulation
  • Assessing compliance risks
  • Developing risk mitigation strategies
  • Monitoring compliance with specific laws and regulations
  • Communicating significant new or revised regulations to the appropriate officials

Why is Institutional Compliance Needed?

Laws and regulations affecting universities have become increasingly complex. Certain major universities have experienced adverse publicity in the press and incurred substantial fines for research, environmental health and safety, employment, student aid, and other types of compliance violations.

Is there guidance for Institutional Compliance?

Guidance for institutional compliance has been developed in recent years. The U.S. Sentencing Commission issues U.S. Sentencing Guidelines for Organizations which describe the elements of effective compliance. The National Association of College and University Business Officers has many resources available for managing compliance in various areas (e.g. Facilities and Environmental Compliance). The National Institutes of Health offers grants compliance guidance. The Open Compliance and Ethics Group, a not-for profit organization, offers a number of resources for managing risk and compliance.

With all of this guidance, what do we follow?

Most compliance guidance is broad and has common themes. Institutional compliance is a long term process and there is no single solution that works for all organizations. The common or core elements for institutional compliance are:

  • Risk Assessment All activities are systematically evaluated for compliance risks. A process is instituted to ensure risks are regularly evaluated. Controls are matched to the severity of risk.
  • Responsible Parties and Roles Roles and responsibilities for compliance risk areas are clearly defined and documented. Individuals are adequately empowered to carry out their responsibilities.
  • Standards and Procedures Compliance standards, practices and procedures are written, clearly established and reasonably designed to reduce the risk of non-compliant conduct. Clear standards of conduct are established and widely distributed.
  • Program Oversight A compliance officer and other appropriate bodies (e.g., compliance committees) are designated and charged with the responsibility for developing, operating, and monitoring the compliance program, with authority to report directly to the Board and/or the President/CEO.
  • Awareness, Education and Training Compliance standards and procedures are effectively communicated, and the institution ensures that responsible individuals receive timely and appropriate education and training.
  • Lines of Communication An effective method of communication is developed between the compliance function and all employees, including a “hot line” to receive complaints, as well as a mechanism to respond to questions.
  • Monitoring and Auditing Systems are implemented to detect non-compliant conduct and identify problem areas.
  • Enforcement Standards are consistently enforced through identification of non-compliance and appropriate consequences based upon clear and specific disciplinary policies.
  • Corrective Action Systems effectively ensure prompt investigation of non-compliance, reporting where appropriate, and proper responses to prevent similar breakdowns in the future.

What are some major areas of regulatory compliance?

For research universities, some of the most significant compliance laws and regulations are in the area of sponsored research. This includes the use of human subjects and animals in research; research policy such as research misconduct and conflict of interest; grants administration; laboratory safety and licensing technology obtained through research. For all educational institutions, student financial aid, privacy and security of records are important. Federal and state regulations governing non-discrimination, employment and finance are also significant.

If I think there is a non-compliance issue, what should I do first?

Tufts has developed a policy for reporting significant instances of suspected non-compliance.

You should become familiar with this policy and follow its guidance. In general, suspected instances of non-compliance should first be reported to the appropriate University manager responsible for enforcement and monitoring the issue. The policy provides a mechanism for reporting significant instances of suspected non-compliance through an anonymous link when other options have been exhausted or you feel uncomfortable discussing the matter with a supervisor or responsible manager.

Return to top