business plan regulations

Legal Requirements To Start A Small Business In 2024

Updated: Apr 17, 2024, 11:52am

With a fledgling business, passion for a product or service usually comes easily. Less exciting are the legal requirements for operating legitimately. Requirements vary dramatically depending on the industry, type of business and location. While there’s no substitute for advice from experienced legal counsel, this guide outlines some of the most important legal requirements to start a small business in 2024. Be sure you understand what’s needed before getting too far into your business planning.

Featured Partners

ZenBusiness

$0 + State Fees

Varies By State & Package

On ZenBusiness' Website

Northwest Registered Agent

$39 + State Fees

On Northwest Registered Agent's Website

Tailor Brands

$0 + state fee + up to $50 Amazon gift card

Varies by State & Package

On Tailor Brands' Website

$0 + State Fee

On Formations' Website

Business Structure and Designation Requirements

Once the mission and strategy of a business become clear, an important next step is to decide on the business’s legal structure. The choice you make can affect everything from the way you operate the business to the liabilities you’ll face to the way you pay taxes. Here are the most common options for small business owners:

Sole Proprietorship

The simplest structure for a one-owner business is a sole proprietorship. As a sole proprietor, a business owner has relatively few regulatory burdens and a high degree of control and flexibility. There’s no paperwork required to establish a sole proprietorship–it’s automatically created as soon as you start doing business. However, if you’ll be using a business name other than your own name, you’ll probably need to register your business name as a DBA with your state or locality.

A sole proprietorship does not form a distinct business entity, which means that there’s no legal difference between the business’s assets, debts and other liabilities and those of the owner. This creates a risky situation for owners, as they’re on the hook for any legal or financial failures of the business. You can’t take on partners and remain a sole proprietorship, and your ability to get a loan for your business will hinge on your personal credit. Sole proprietors report business income and expenses on their personal tax returns, and they pay income and self-employment taxes on their profits. Some business founders use sole proprietorships to test a business idea before committing to a more formal structure and paying the higher fees associated with those structures.

Partnership

There are several kinds of partnerships. If you go into business with other people and don’t set up a formal business entity, your business is automatically considered a general partnership. Like sole proprietors, partners in a general partnership are fully liable for all business debts and obligations. They’re also liable for actions taken by their partners–a major reason why most lawyers encourage businesses to form an LLC or corporation rather than remain a general partnership. General partnerships are taxed similarly to sole proprietorships, with partners reporting their share of income, expenses, credits, profits and losses on their personal tax returns.

Other kinds of partnerships include:

• A Limited Partnership or LP, which stipulates that at least one “general partner” assumes personal liability for the business’s affairs, while other partners are passive investors with limited liability. Limited partnerships are common in certain industries such as real estate development.
• A Limited Liability Partnership or LLP, also provides limited liability for partners, but the specifics vary by state. In some states the liability protection is the same as for an LLC, but in other states the protection only extends to liability for other partners’ negligence. Some states require one general partner to remain fully liable. And some states restrict LLPs to certain licensed professionals like doctors, lawyers and architects.

Related: Limited Liability Partnership vs Limited Liability Company

Limited Liability Company

A Limited Liability Company or LLC balances the relative ease and flexibility of a partnership structure with the increased risk protection and potential tax advantages of a corporate structure. LLC owners (known as “members”) aren’t personally liable for business obligations. By default, LLC members are considered self-employed, and they file and pay taxes in the same way as owners of a general partnership or sole proprietorship. But an LLC can also elect to be taxed as a corporation. To set up an LLC, you must file articles of organization with your state.

An LLC should also have an operating agreement that details how the LLC will be run and the rights and responsibilities of the members.. Many small business owners choose LLCs for their simplicity and flexibility.

Corporation

With a corporation, the owners’ liability for business obligations is limited to the amount they have invested in the company–business creditors can’t go after their personal assets. Corporations have a well-defined organizational structure that includes a board of directors, officers, and owners, who are known as shareholders. A corporation may pay corporate income tax as a C-corp, or it may be eligible for pass-through taxation as an S-corp. Corporations tend to have more rigorous recordkeeping and reporting requirements than LLCs.

A corporation is formed by filing articles of incorporation with the state. Corporations should also have bylaws. Because corporations have a predictable structure and their shares are easy to transfer, corporations are well-suited to businesses hoping to attract outside investment.

Start an LLC Online Today With ZenBusiness

Click on the state below to get started.

Business Name Registration Requirements

Business owners should explore several different ways to register and protect a business name:

Entity Names

If you form an LLC, corporation or other type of business entity, your business name will be registered with the state. The state won’t allow another business to be formed with the same name as yours.

A federal trademark helps protect a business name nationwide. You can apply for a trademark through the US Patent and Trademark Office . Though trademarks are not required to operate a business, registering a name may be a good idea to protect the exclusivity rights that come with a registered trademark.

A “doing business as” (DBA) is often also known as a “trade name” or an “assumed name.” You usually must register a DBA if your business is using a name other than its official legal name. Sole proprietorships and partnerships don’t need a DBA if they’re doing business under the owners’ names. LLCs and corporations don’t need a DBA if they’re using the business’s official name. It’s possible for multiple businesses in the same state to share the same DBA name. Depending on your state and the type of business you have, you may need to file your DBA with the state or with your locality.

A domain or web address is unique to the buyer and can be essential to a business’s online presence. Though there is no legal requirement to have a domain, obtaining a domain name that matches your business name can help you brand your business and minimize the chance your business will be confused with another business online. Having a domain name does not establish a business entity or fulfill any other legal requirements, nor does it give you the exclusive right to use your business name.

Tax Identification Numbers

A federal tax identification number, also known as an Employer Identification Number (EIN) is a nine-digit number for businesses. Almost all businesses must get an EIN, though sole proprietors and single-member LLCs with no employees may be able to use the owner’s Social Security number instead. You can get an EIN for free at the IRS website, which offers specific, detailed information about requirements on its EIN application page.

Licenses and Permits

Business owners should anticipate potential requirements from all levels of government:

A federally-issued license or permit is required for many businesses whose activities fall within a federally-regulated field, such as transportation, agriculture, alcoholic beverage production and sales, broadcasting and use of natural resources.

A state or local license or permit may be required in a variety of business categories as well, all depending on state and local law. For example, if you sell goods in a state that collects sales tax, you’ll need a seller’s permit. Most localities require businesses to obtain a general business license or permit. And you may have additional state or local licensing requirements that apply to your specific industry. City or county business licensing agencies can be good places to learn what special permits or licenses might be necessary.

Business Insurance

No matter how well a business is run, liability risks can never be eliminated. Risk is part of the cost of doing business, and it pays to be prepared. Depending on the circumstance, certain insurance policies may actually be legally required as a safeguard, much like personal auto insurance is.

Many businesses rely on an insurance broker to help determine the appropriate “coverages” (and amounts of coverage) for their situation, such as these common types:

General liability insurance is recommended as the bare minimum of coverage for any business. It insures against near-universal liabilities like damage to company property or personal injuries that occur as a result of doing business.

Product liability insurance covers alleged harm from defective products and might be important for businesses that produce and distribute goods of any kind.

Professional liability insurance , also known as “errors and omissions insurance,” covers claims of professional negligence on the part of any business employee.

Commercial property insuranc e offers additional coverage for land and facilities that could suffer damage from issues like fire, flood and vandalism.

Workers’ compensation insurance covers employees who get hurt on the job and is required for any businesses with employees in all states but Texas.

Auto liability insurance covers accidents involving company-owned vehicles and employees driving on company time.

Start A Limited Liability Company Online Today with ZenBusiness

Click to get started.

The Bottom Line

Depending on the location and type of business, getting a new small business properly registered, named, licensed and insured can be a daunting process. Doing this work right can prove worthwhile as legal troubles can pile up quickly—from regulatory agencies, other businesses, customers and even a company’s own employees. Business founders take on significant risks when starting a small business venture , but much of this risk can be mitigated by ensuring legal requirements to starting the business are taken care of as early as possible.

Frequently Asked Questions

How do i setup an llc.

Setting up your own limited liability company (LLC) can be done in 7 steps:

• Decide a business name
• Designate a Registered Agent
• Get a copy of your state’s LLC Articles of Organization Form
• Prepare the LLC Article of Organization Form
• File the Articles of Organization Form.
• Create an Operating Agreement
• Keep your LLC Active

What's the difference between an LLC and a corporation?

Limited liability companies (LLCs) and corporations are similar, but distinctly different business structures that come with their own strengths and weaknesses. In general, corporations have more standardized and rigid operating structures with more recordkeeping and reporting requirements.

What is the best business structure?

The best business structure for your business will depend entirely on what kind of company you form, your industry and what you want to accomplish. But any successful business structure will be one that will help your company set realistic goals and follow through on set tasks.

• Best LLC Services
• Best Registered Agent Services
• Best Trademark Registration Services
• Top LegalZoom Competitors
• Best Business Loans
• Best Business Plan Software
• ZenBusiness Review
• LegalZoom LLC Review
• Northwest Registered Agent Review
• Rocket Lawyer Review
• Inc. Authority Review
• Rocket Lawyer vs. LegalZoom
• Bizee Review (Formerly Incfile)
• Swyft Filings Review
• Harbor Compliance Review
• Sole Proprietorship vs. LLC
• LLC vs. Corporation
• LLC vs. S Corp
• LLP vs. LLC
• DBA vs. LLC
• LegalZoom vs. Incfile
• LegalZoom vs. ZenBusiness
• LegalZoom vs. Rocket Lawyer
• ZenBusiness vs. Incfile
• How To Start A Business
• How to Set Up an LLC
• How to Get a Business License
• LLC Operating Agreement Template
• 501(c)(3) Application Guide
• What is a Business License?
• What is an LLC?
• What is an S Corp?
• What is a C Corp?
• What is a DBA?
• What is a Sole Proprietorship?
• What is a Registered Agent?
• How to Dissolve an LLC
• How to File a DBA
• What Are Articles Of Incorporation?
• Types Of Business Ownership

What Is SNMP? Simple Network Management Protocol Explained

What Is A Single-Member LLC? Definition, Pros And Cons

What Is Penetration Testing? Definition & Best Practices

What Is Network Access Control (NAC)?

What Is Network Segmentation?

How To Start A Business In Louisiana (2024 Guide)

Jane Haskins practiced law for 20 years, representing small businesses in startup, dissolution, business transactions and litigation. She has written hundreds of articles on legal, intellectual property and tax issues affecting small businesses.

Chauncey grew up on a farm in rural northern California. At 18 he ran away and saw the world with a backpack and a credit card, discovering that the true value of any point or mile is the experience it facilitates. He remains most at home on a tractor, but has learned that opportunity is where he finds it and discomfort is more interesting than complacency.

Regulatory Compliance 101 for Business Managers

By Andy Marker | August 6, 2019 (updated September 16, 2021)

• Share on Facebook
• Share on LinkedIn

Link copied

In this article, you’ll find the most useful, comprehensive guide to understanding regulations that affect American businesses, expert input on maintaining compliance while reaching your business goals, and free compliance templates.

Included on this page, you'll find specific laws and regulations by industry and public interest , the costs of not complying with regulations , details on how complying with regulations improves your business and save you money , and steps your organization can take to handle regulatory compliance .

What Is Regulatory Compliance?

Regulatory compliance , also called business compliance , refers to any organization’s obedience to the laws, regulations, and other rules that govern all organizations.  

What Is a Regulatory Requirement?

A regulatory requirement is a rule that a government entity imposes on an organization. Some federal and state laws govern virtually all organizations. Regulations govern how organizations manage their business and employees and how they interact with customers, among many other areas.

Number of Regulations Balloon in Recent Decades

There have been attempts to decrease or slow the growth of federal regulations in recent years. Still, the overall number of regulations has grown significantly over the past several decades. A 2017 U.S. Chamber of Commerce Foundation report that assessed only federal regulations found that “Over the last 60 years, the U.S population has increased by 98 percent, while the federal regulatory code has increased by 850 percent, including some 6,081 final rules published between 2015 and 2016.”  

Overall Goals of Regulations

Generally, regulations are implemented to protect someone or something, whether it be employees, consumers, the public at large, or the integrity of commerce or of business processes. The entities overseeing regulation often focus on several primary areas, including the following:

• Establishing and implementing controls at organizations
• Keeping abreast of and assessing how organizations are complying with laws and regulations
• Identifying and remediating areas where organizations are not complying
• Providing ways for organizations to report on their compliance with laws and regulations

Industries and Other Areas Where Regulations Are Prevalent

Some regulations apply to almost all organizations and businesses. But, many regulations — often federal, but also some state and local — apply to specific industries or specific areas of oversight.

Here are some regulations that apply to specific industries, areas of commerce, or other entities:

• Financial institutions and transactions
• Employment and labor law (see details below)
• Pollution and climate change
• Use and disposal of chemicals 
• Corporate identity and business structure, including recording and reporting
• Tax code and taxation requirements
• Antitrust laws
• State licensing
• Interstate commerce laws
• License and permitting laws 
• Consumer protection, including product liability and safety
• Technology/data security, including data protection and privacy
• Government, including public procurement 
• Telecommunications, media, and technology
• Other European Union regulatory matters, including agriculture, import/export, pharmaceutical and medical devices, sports and gaming, and specific product regulation
• Contract laws

What Is Compliance in the Workplace?

A wide range of regulations apply to employment and the workplace. These regulations concern the following aspects of your business:

• Employee discipline and termination
• Hiring practices
• Sexual harassment, intimidation, or other offensive acts
• Discriminatory hiring or unfair employment practices
• Wages and hours
• Work environment
• Workplace safety
• Recruitment and retention of employees

Regulations and Regulatory Compliance in Nations Outside the U.S.

Countries outside the United States also have a wide range of regulations, of course. Here’s an overview on regulations in four countries:

• Australia: The nation has a range of financial regulations, overseen especially by the Reserve Bank of Australia, the Australian Prudential Regulation Authority, the Australian Securities and Investments Commission, and the Australian Competition and Consumer Commission. Other important national regulators include the Australian Communications and Media Authority, for issues relating to the internet, broadcast, and communication; the Therapeutic Goods Administration, for medical devices and drugs; and the Clean Energy Regulator, for the oversight of energy and carbon emission issues.
• Canada: The nation has two independent bodies that oversee most financial entities in Canada. The Office of the Superintendent of Financial Institutions regulates banks, insurance companies, and other financial entities and transactions. Meanwhile, the Financial Transactions and Reports Analysis Centre of Canada works to detect money laundering and also gathers and analyzes information on possible financing of and by terrorist organizations. Unlike most nations, Canada does not have a federal regulator of securities. Entities within provinces and territories work together to regulate securities trading. Other Canadian regulators include the following: Environment and Climate Change Canada, which oversees regulations relating to the environment and alternative energy; Health Canada, which oversees public health; and the Canadian Food Inspection Agency, which oversees food safety and animal health.
• India: India has regulations at the local, state, and national level. Many of its regulations fall into three areas: economic, environmental, and public interest-related. Many of these regulations are implemented at the national level.
• United Kingdom: The United Kingdom has a wide range of regulations, some of them specific to the U.K. and some of them set up by European Union legislation. The U.K. Corporate Governance Code governs how publicly traded companies in the U.K. are set up and operate. The code focuses particularly on best practices by boards of directors in corporate governance.

Specific Laws and Regulations by Industry and Public Interest

Tens of thousands of laws and regulations apply to organizations across the U.S. In many cases, these laws and regulations apply to companies within certain industries or apply in certain subject areas. Examples of specific laws in particular industries or areas include the following: 

• Dodd-Frank Act: Passed in 2010, this act created regulations to increase transparency and accountability within the financial industry.
• Payment Card Industry Data Security Standard (PCI DSS): Established not by government but by the four major credit card companies, this standard sets policies to increase the security of transactions involving credit and debit cards.
• Sarbanes-Oxley Act (SOX): This federal law set up a wide range of auditing and financial regulations for publicly traded companies. The law was created to decrease accounting errors and fraud. Read more about Sarbanes-Oxley here . 
• Gramm–Leach–Bliley Act (GLBA): This act removed regulatory barriers that banned commercial banks, investment banks, securities firms, and insurance companies from consolidating.
• Fair Credit Reporting Act of 1970: This act regulates the collection of credit information and access to a person’s credit reports.
• Sherman Act of 1890: This is a landmark U.S. antitrust law that prohibits anti-competitive agreements between companies and other business conduct that might lead to a monopoly in a market.
• Securities Exchange Act of 1934: This act, which created the Securities and Exchange Commission (SEC), governs securities transactions in the U.S..
• Securities Act of 1933: Approved after the stock market crash of 1929, this act was intended to increase transparency in financial statements and decrease fraud.
• Bank Secrecy Act (BSA): This act requires that financial institutions assist the U.S. government in detecting and preventing money laundering.
• Federal Information Security Management Act (FISMA): This act requires federal agencies to implement programs to keep their information technology systems secure from data breaches and other outside intrusions.
• European Union Data Protection Directive (EUDPD): This 1995 directive by the European Union regulates the processing of an individual’s personal data. (This law was later superseded by the European Union’s General Data Protection Regulation of 2016.)
• General Data Protection Regulation: This is an updated EU law regulating the personal data of EU citizens.
• Finnish Personal Data Act: This legislation, approved by Finland in 1999, protects and regulates the personal data of the country’s citizens.
• Danish Act on Processing of Personal Data: This legislation protects the personal data of Denmark’s citizens.
• Austrian Federal Act Concerning the Protection of Personal Data: This legislation protects the personal data of Austria’s citizens.
• California Senate Bill 1386: This is a California law that requires any company that experiences a data breach to notify any California citizens whose information may likely be exposed as part of that breach.
• Health Insurance Portability and Accountability Act (HIPAA): Among other things, this act protects health insurance coverage for workers when they change jobs and regulates how hospitals, insurers, and other groups use and disclose certain health information about individuals.
• Joint Commission (Healthcare): A nonprofit organization that accredits hospitals and health organizations and programs in the U.S.
• Civil Rights Act of 1964: This is a U.S. law that bans discrimination based on a person’s race, sex, national origin, or religion.
• Americans with Disabilities Act: This act bans discrimination based on a person’s disability. 
• Fair Labor Standards Act (FLSA): This act sets the minimum wage, overtime pay, and other standards for workers in the U.S. You can find free overtime authorization templates here.
• Family and Medical Leave Act (FMLA): This act requires most U.S. employers to give employees unpaid leave for certain medical and family reasons.
• Workers’ Compensation Laws: These are state laws that require employers to pay for employees who are injured on the job.
• Worker Adjustment and Retraining Notification Act of 2003 (WARN): This act requires employers with 100 or more employees to notify workers 60 days in advance of any plant closings or large layoffs.
• Equal Pay Act of 1963: This act was aimed at ending wage disparities based on gender.
• Federal Workers' Compensation Act: This act established compensation to federal workers who are injured on the job.
• Uniformed Services Employment and Reemployment Rights Act (USERRA): This act protects civilian job rights for members of the military and military reserves while they are on military duty. 
• Hazard Analysis and Critical Control Points (HACCP): This is a system that addresses food safety issues. 
• Immigration and Nationality Act of 1952: This act governs immigration and citizenship in the U.S..
• Migrant and Seasonal Agricultural Worker Protection Act: This act sets employment, housing, and other standards for seasonal farm workers in the U.S..
• Employee Retirement Income Security Act (ERISA): This act governs employee benefit plans in the U.S..
• Social Security Act of 1935: This act established the Social Security system of benefits for retired and disabled U.S. citizens.
• USA PATRIOT Act: This 2001 law established protections against terrorism in the U.S.

Industries Most Affected by Regulatory Compliance

Regulations are especially wide-ranging and complex within certain industries. The following are among the most heavily regulated industries:

• Financial services
• Health care
• Life sciences
• Information technology

Regulations Governing Internal Requirements for Businesses

Governments — often state governments — require companies incorporated within a state to keep and provide records relating to the operation of business. Those requirements might apply to the following elements of a business:

• Information about annual directors’ meetings
• A company’s bylaws and updates of those bylaws
• A company’s provision of stock to shareholders
• All of a company’s stock transfers
• Company records on major business transactions
• Updates or important changes to the operations of a company

Agencies That Oversee or Provide Guidance on Regulatory Compliance

Hundreds of local, state, and federal agencies administer laws and regulations that apply to organizations. Those agencies, and sometimes other groups, also provide guidance to help companies understand and follow the laws and regulations that apply to them. Some of those agencies and groups include the following:

• U.S. Securities and Exchange Commission (SEC): The SEC administers a wide range of laws and regulations that apply to the United States’ securities exchanges and publicly traded companies. 
• U.S. Office of Foreign Assets Control (OFAC): This entity enforces trade sanctions that the U.S. may impose on foreign governments, organizations, and people.
• United States Sentencing Commission: This government agency has provided guidelines on compliance relating to federal criminal laws that organizations and companies must follow.
• Small Business Administration (SBA) and (its website) Business.gov: The SBA provides a wide range of information that can help businesses understand and comply with regulations.
• Equal Employment Opportunity Commission (EEOC): This agency administers laws and regulations that apply to companies’ hiring practices. It focuses on employment discrimination against people based on their race, gender, religion, age, or other such factors.
• Employee Benefits Security Administration (EBSA): This body enforces laws and regulations relating to employee benefit plans.
• Civil Rights Center with Federal Department of Labor: This entity enforces rights guaranteed by the Civil Rights Act of 1964, which includes an employee’s right to do their job without any discrimination based on race, gender, or other such factors.
• Occupational Safety and Health Administration: This agency administers laws and regulations relating to workplace safety.
• Employment and Training Administration of Federal Department of Labor: This government entity administers laws and regulations relating to companies laying off a large group of employees at the same time. It includes a requirement that businesses with 100 or more employees notify workers at least 60 days in advance of a planned layoff.
• Environmental Protection Agency (EPA): This agency administers laws and regulations that relate to how businesses’ operations affect the natural environment.
• Federal Financial Institutions Examination Council (FFIEC): The FFIEC consists of a group of five financial regulatory agencies that together oversee the Gramm-Leach-Bliley Act, which, among other things, requires financial institutions to protect the privacy of financial information they have about individuals.

Non-Governmental Entities That Oversee Industry Standards and Regulations

Some industry-related organizations have established standards that serve as quasi-regulations within specific industries. Other nonprofits have been established to oversee certain industries and regulations, including the following:

• American Society of Mechanical Engineers (ASME): This industry organization has developed rules to ensure that products meet safety, security, and other engineering standards.
• Financial Industry Regulatory Authority (FINRA): This is a nonprofit group authorized by Congress to oversee securities brokerage firms and brokers in the U.S. It can discipline its members for violating a wide range of FINRA rules that govern broker actions and behavior.
• Public Company Accounting Oversight Board (PCAOB): This is a nonprofit entity created by the Sarbanes-Oxley Act that oversees the auditors, and auditing behaviors, of public companies.

Standards That Help Guide Regulatory Compliance

• NIST Standards: These standards were set up by the National Institute of Standards and Technology, a federal agency, to guide compliance with some regulations.
• International Organization for Standardization (ISO) and ISO 19600: The ISO is an international body that sets standards in a range of industrial, commercial, and other areas. Its ISO 19600 standard offers guidance on how organizations can set up and maintain a system of compliance management.
• ISO/IEC 27002: This is a standard that recommends best practices to ensure appropriate security for information technology systems.
• COBIT: This is a framework that recommends best practices for managing and governing information technology. The COBIT framework was created by an information technology professional association called the Information Systems Audit and Control Association — now known only by its acronym, ISACA. ( Learn more about information security and enterprise security here .)

What Is a Regulatory Compliance Cost?

A regulatory compliance cost is the amount of money or other resources an organization must expend to ensure it complies with all applicable regulations. For example, many regulations require detailed record-keeping that calls for employee time and other company resources.

The total economic costs for U.S. organizations to comply with all regulations is likely impossible to calculate. A 2017 report by the American Hospital Association estimated that regulations in the U.S. healthcare industry alone cost hospitals about $38.6 billion per year.

The Costs of Not Complying with Regulations

While the costs of complying with regulations can be steep, so can the costs of not complying. In fact, most experts say that the costs of the latter can be much steeper.

“Regulatory compliance is expensive,” says Marta Moakley, a lawyer and legal editor for XpertHR , an online subscription service that provides companies with legal and compliance advice on human resources issues. “But, regulatory non-compliance can be infinitely more expensive.” Here are some of the costs of non-compliance:

• Penalties: The most obvious costs, of course, are the governmental penalties for non-compliance. Fines for some minor violations — missing the deadline for filing an annual corporate report for your private business, for example — might be a few hundred dollars. But, violating SEC and other financial regulations can bring millions of dollars in fines. Hospitals that violate HIPAA patient privacy provisions can pay several millions of dollars in fines for large data breaches or repeat incidents. The European Union’s General Data Protection Regulation applies to any organization that obtains or stores the personal data of an EU citizen. That means the regulation applies to many U.S. businesses. The maximum penalty for violating some provisions of the GDPR is €20 million, or four percent of an entity’s gross global revenue.
• Enron: Shares of the apparently very successful Texas energy company were trading at more than $90 in 2000. Then, in the fall of 2001, it was revealed that Enron’s actual financial condition was falsified through a wide range of accounting fraud. The stock price dropped to less than $1 by late 2001. The company filed for bankruptcy and was eventually dissolved. A number of executives pleaded guilty or were found guilty of a number of felonies, including fraud. The scandal was also a significant reason for Congress approving the Sarbanes-Oxley Act in 2002. 
• Volkswagen: In 2015, it was revealed that the exhaust control equipment in the diesel engines of almost 600,000 of the company’s cars sold in the U.S. had been programmed to shut off after emissions testing was completed on the vehicles. That meant that when the vehicles were on the road, they were emitting much more pollution than the regulations allowed. Volkswagen eventually admitted to rigging nearly 11 million diesel-powered vehicles in the same way. The company has paid more than $32 billion in fines and compensation for customers. 
• Wells Fargo: In April 2018, federal regulators fined Wells Fargo $1 billion for forcing customers to buy car insurance they didn’t need and for charging unfair fees to mortgage borrowers. In February 2018, the Federal Reserve punished the bank for, among other things, creating millions of fake customer accounts. The Federal Reserve imposed penalties that limit the bank’s growth until it proves it has improved its internal controls. Wells Fargo also paid $185 million in other fines and settled a class-action suit for $142 million in connection with fraudulent practices.

Complying with Regulations Improves Your Business and Saves Money

Experts say that the penalties and reputation damage from flouting regulations make one thing clear: complying with regulations saves money in the long run. There are also other benefits to regulatory compliance:

• Improve Your Organization’s System and Operations: When you comply with regulations, your organization runs more smoothly.
• Build a Positive Reputation among Employees, Customers, and the Public: Complying with regulations expands your credibility and legitimacy both inside and outside the company.
• Achieve Higher Employee Productivity and Higher Employee Retention: “I encourage employers to view compliance as a smart business decision,” says XpertHR’s Moakley. “It emphasizes a fair and safe workplace. Employees will probably be more productive, and employee turnover costs will be at a more reasonable level.”

Moakley says that companies need to understand “that compliance overall is good business. I think most businesses don’t think of compliance as a cost-saving measure,” she explains. “They think of it as a burden. But, it is a cost-saving measure — in the short and long-term.”

What Is a Regulatory Compliance Policy?

A regulatory compliance policy is a statement from an organization — most often in writing — in which the entity establishes its commitment to following all laws and regulations and gives details on structures the company has put in place and practices it will follow to achieve compliance.

XpertHR’s Moakley says it is very important for a company to regularly and clearly communicate this policy to all employees. Companies should also collect electronic verifications from employees indicating that they’ve read and understood the policy, she adds.

“A business should communicate to its workforce, and to its leaders, what’s important: that this policy exists and that it reflects a culture that is important to an organization,” she explains.

This template provides your organization with the basics to create a strong regulatory compliance policy. The pre-built template includes space for the main components of a policy document, including procedures and policies you will commit to follow. Additionally, the template includes questions your organization should answer to create a comprehensive regulatory compliance policy document. 

Download Regulatory Compliance Policy Template

Word  | PDF

How to Stay on Top of Regulatory Compliance

It can seem overwhelming to understand and track all of the regulations that might apply to your company. But, there are basic steps that even smaller companies can take to stay on top of regulatory compliance:

• Assess Your Company’s Overall Exposure to Regulations: It’s important to understand whether or not your company is in a highly regulated industry (like healthcare, financial services, and insurance). If it is, you should begin by seeking outside advice from experts in your industry. Even if your company is in a less regulated industry, use common sense about likely regulations. “If you’re preparing food, do you need to worry about food regulations?” asks Spark Compliance’s Grant-Hart. “Look at your company and think about what type of laws would naturally apply to it.”
• Perform a Compliance Training Needs Assessment: The best way to understand and comply with regulations that affect your company is to train your employees. But, it may be cost prohibitive to train employees on every regulation that might apply to your company.  Moakley recommends performing the training needs assessment that might be most beneficial for your company. The assessment should include three categories, she says: areas that must be covered in the training; areas that would ideally be covered; and areas that may not be a good return on your company’s investment. “Your training needs analysis may recommend most of the need-to-haves and may have to forego some of the other areas,” she says.
• Establish a Code of Conduct: Grant-Hart recommends that companies create a code of conduct document that lays out ethics that the company and its employees should adhere to. For example, the code might include provisions about the limit on the value of gifts an employee can accept from a business associate. It might also include provisions detailing protections against harassment in the workplace and protections for “whistleblowers” — employees who raise ethical issues about something the company or another company employee has done. Grant-Hart recommends that as companies approach how they will deal with regulatory compliance, “they start with a code of conduct.” Such a code “tends to be the founding document for all compliance programs,” she says.
• When Using and Adopting New Technologies, Always Consider the Regulations That May Apply to Those New Technologies: Don’t take it for granted that you’re already compliant just because you were compliant when using an earlier generation of a technology. 
• Understand Where to Find Regulatory Information and How To Track Changes: A wide range of third-party services and software are available to help companies understand regulations. But, there’s also a large amount of accurate and free information, including from the government agencies that enforce the regulations, says Moakley. She adds, “It’s important to view compliance as an ongoing process that you need to evaluate and tweak — based on business needs and a shifting legal landscape.”

Use this template to outline the essential elements for a strong regulatory compliance plan. The template asks for details about your organization’s leadership, standards, communication strategies, training, employee discipline, and how it will continually improve its regulatory compliance.

Download Regulatory Compliance Plan Template

When Regulatory Compliance and Data Privacy Are at Cross-Purposes

Increasing demand for data privacy — and in some cases increasing regulations related to data privacy — can run counter to the demands for record-keeping concerning a number of other regulations. Here are two especially problematic areas:

• Data Retention: Many regulations require organizations to keep data for long periods of time, sometimes in ways that can make it difficult for companies to comply with data privacy regulations that impose strict limits on how businesses gather and store personally identifiable data.
• The “Right to Be Forgotten”: Data privacy laws often give people the “right to be forgotten” — meaning that organizations must destroy all personal data about an individual upon that individual’s request. Those rights can run counter to other regulations’ requirements that certain data be kept as evidence of compliance.

Organizational Strategic Issues to Consider Regarding Regulatory Compliance

Companies that are subject to a significant regulation need to consider how to structure their companies and processes to ensure they can operate well while also complying with regulations. Company leaders need to think about the following factors:

• How to predict the potential impact of regulations on the company’s strategic direction, its business goals, and its regulatory compliance processes
• How to balance the duties of compliance among legal, auditing, and other business functions
• How to encourage common compliance across different teams and company locations
• How to create internal systems that monitor and report on compliance
• How to measure the value of compliance, including in employee performance evaluations

Steps Organizations Can Take to Handle Regulatory Compliance

Larger companies and companies within highly regulated industries need to hire employees — sometimes dozens or even hundreds of employees — whose primary focus is the company’s regulatory compliance.

The Securities and Exchange Commission requires any company with publicly traded stock to have a compliance officer. The majority of such companies have regulatory compliance departments; some banks and other large companies have a compliance staff of hundreds.

Alternatively, smaller private companies may not even have one employee solely responsible for compliance. They may have a company lawyer or outside lawyer handle compliance. Or, a top company executive may be responsible. When it comes to smaller companies, Moakley advises, “it’s helpful to have a point person” who’s responsible for regulatory compliance.

Beyond staffing, companies can use software or undergo internal assessments to help with regulatory compliance. These options include the following:

• Acquiring Compliance Management Software: This helps organizations track the wide range of regulations that apply to all companies as well as those within specific industries.
• Developing a Business Continuity Plan: This involves determining how a company can continue to operate during and after a disaster, including a natural disaster, crash, virus, or other catastrophic event affecting a business’s information technology systems.
• Assessing Auditing Systems: This is an internal assessment that is crucial to maintaining regulatory compliance.
• Assessing and Improving the Security and Privacy of Information Technology Systems: This is also an internal assessment that is central to maintaining regulatory compliance.

This pre-built template provides your organization with a structure to create periodic reports on your regulatory compliance work. The template asks for details on regulatory compliance requirements that apply to your organization, along with compliance status, a summary of actions taken, and recommendations for future actions.

Download Regulatory Compliance Report Template

Executive Positions That Regulatory Compliance Has Created

As regulations have increased in recent decades, larger organizations are increasingly hiring executives to fill specific compliance roles. Here are three of the most common positions:

• Corporate compliance officer
• Chief compliance officer
• Regulatory compliance officer

What’s Your Major? — “Regulatory Compliance”

As more companies hire executives and staff that focus on regulatory compliance, colleges and universities are taking notice. And, some colleges and universities have now established areas of study that are partially or entirely focused on regulatory compliance:

• Northwestern University’s School of Professional Studies in Chicago offers a Master’s of Science in Regulatory Compliance . 
• Drexel University in Philadelphia offers a Graduate Certificate in Financial Regulatory Compliance , along with a Master’s of Legal Studies with a concentration in financial regulatory compliance.
• The University of Scranton in Pennsylvania offers a Master’s of Science in Human Resources Management that includes a significant focus on compliance issues.

FAQ: A Career in Regulatory Compliance Management

As more companies hire people for regulatory compliance work, and as colleges and universities offer majors that focus on compliance, more people are interested in understanding a potential career in compliance. Here are some of the most frequently asked questions about compliance managers:

What does a regulatory compliance manager do?

A regulatory compliance manager works to understand regulations that apply to an organization and sets up systems that help ensure the organization complies with those regulations. Alternatively, they work in governments that enforce regulations.

Where do regulatory compliance managers work? 

Almost half of regulatory compliance managers work in federal, state, and local governments. The rest work in private enterprise and other organizations.

What is the average salary of a regulatory compliance manager? 

In 2015, the median salary was $69,180.

What is the job demand for regulatory compliance managers? 

In 2014, job demand was expected to grow about three percent per year between 2014 and 2024 — which was about half the national average for all jobs. Some believe that the growth of job opportunities in this industry might be slowing down as businesses increasingly use software and other technology to help with their regulatory compliance.

What are the educational requirements for a regulatory compliance manager? 

The job requires a bachelor’s degree; a graduate degree might be beneficial if job growth is slow.

Benefits of Using an Outside Provider to Help with Your Company’s Regulatory Compliance

Many companies hire outside providers to help with regulatory compliance training or other compliance services. These providers may help smaller companies with much of their compliance work. But, the providers can also help the compliance departments of larger companies with specific tasks. Here are some of the benefits to hiring outside providers:

• They provide teams that are specialized and expert in specific industries and areas of compliance.
• They often have technical knowledge in a wide variety of areas.
• They use expert-developed risk methodologies and tools, which can help companies understand industry standards and best practices in a specific industry.

Services and Expertise of Regulatory Compliance Providers

Providers of regulatory compliance consulting can help your company in a number of ways:

• Help your company set up the design of a compliance program that routinely assesses risk and other compliance issues.
• Develop ways to embed your company’s compliance goals within the day-to-day operations of the business.
• Help your company understand and use technology to assist with compliance.
• Help your company track and adjust to continually changing compliance requirements.
• Conduct compliance and risk assessments.
• Help your company achieve an appropriate balance between compliance and risk, given limited budgets.
• Implement processes that help your company report its regulatory compliance.

Improve Regulatory Compliance with Real-Time Work Management in Smartsheet

Empower your people to go above and beyond with a flexible platform designed to match the needs of your team — and adapt as those needs change. 

The Smartsheet platform makes it easy to plan, capture, manage, and report on work from anywhere, helping your team be more effective and get more done. Report on key metrics and get real-time visibility into work as it happens with roll-up reports, dashboards, and automated workflows built to keep your team connected and informed. 

When teams have clarity into the work getting done, there’s no telling how much more they can accomplish in the same amount of time.  Try Smartsheet for free, today.

Any articles, templates, or information provided by Smartsheet on the website are for reference only. While we strive to keep the information up to date and correct, we make no representations or warranties of any kind, express or implied, about the completeness, accuracy, reliability, suitability, or availability with respect to the website or the information, articles, templates, or related graphics contained on the website. Any reliance you place on such information is therefore strictly at your own risk. 

These templates are provided as samples only. These templates are in no way meant as legal or compliance advice. Users of these templates must determine what information is necessary and needed to accomplish their objectives.

Discover why over 90% of Fortune 100 companies trust Smartsheet to get work done.

• Search Search Please fill out this field.

What Is a Business Plan?

Understanding business plans, how to write a business plan, common elements of a business plan, the bottom line, business plan: what it is, what's included, and how to write one.

Adam Hayes, Ph.D., CFA, is a financial writer with 15+ years Wall Street experience as a derivatives trader. Besides his extensive derivative trading expertise, Adam is an expert in economics and behavioral finance. Adam received his master's in economics from The New School for Social Research and his Ph.D. from the University of Wisconsin-Madison in sociology. He is a CFA charterholder as well as holding FINRA Series 7, 55 & 63 licenses. He currently researches and teaches economic sociology and the social studies of finance at the Hebrew University in Jerusalem.

• How to Start a Business: A Comprehensive Guide and Essential Steps
• How to Do Market Research, Types, and Example
• Marketing Strategy: What It Is, How It Works, How To Create One
• Marketing in Business: Strategies and Types Explained
• What Is a Marketing Plan? Types and How to Write One
• Business Development: Definition, Strategies, Steps & Skills
• Business Plan: What It Is, What's Included, and How to Write One CURRENT ARTICLE
• Small Business Development Center (SBDC): Meaning, Types, Impact
• How to Write a Business Plan for a Loan
• Business Startup Costs: It’s in the Details
• Startup Capital Definition, Types, and Risks
• Bootstrapping Definition, Strategies, and Pros/Cons
• Crowdfunding: What It Is, How It Works, and Popular Websites
• Starting a Business with No Money: How to Begin
• A Comprehensive Guide to Establishing Business Credit
• Equity Financing: What It Is, How It Works, Pros and Cons
• Best Startup Business Loans
• Sole Proprietorship: What It Is, Pros & Cons, and Differences From an LLC
• Partnership: Definition, How It Works, Taxation, and Types
• What is an LLC? Limited Liability Company Structure and Benefits Defined
• Corporation: What It Is and How to Form One
• Starting a Small Business: Your Complete How-to Guide
• Starting an Online Business: A Step-by-Step Guide
• How to Start Your Own Bookkeeping Business: Essential Tips
• How to Start a Successful Dropshipping Business: A Comprehensive Guide

A business plan is a document that outlines a company's goals and the strategies to achieve them. It's valuable for both startups and established companies. For startups, a well-crafted business plan is crucial for attracting potential lenders and investors. Established businesses use business plans to stay on track and aligned with their growth objectives. This article will explain the key components of an effective business plan and guidance on how to write one.

Key Takeaways

• A business plan is a document detailing a company's business activities and strategies for achieving its goals.
• Startup companies use business plans to launch their venture and to attract outside investors.
• For established companies, a business plan helps keep the executive team focused on short- and long-term objectives.
• There's no single required format for a business plan, but certain key elements are essential for most companies.

Investopedia / Ryan Oakley

Any new business should have a business plan in place before beginning operations. Banks and venture capital firms often want to see a business plan before considering making a loan or providing capital to new businesses.

Even if a company doesn't need additional funding, having a business plan helps it stay focused on its goals. Research from the University of Oregon shows that businesses with a plan are significantly more likely to secure funding than those without one. Moreover, companies with a business plan grow 30% faster than those that don't plan. According to a Harvard Business Review article, entrepreneurs who write formal plans are 16% more likely to achieve viability than those who don't.

A business plan should ideally be reviewed and updated periodically to reflect achieved goals or changes in direction. An established business moving in a new direction might even create an entirely new plan.

There are numerous benefits to creating (and sticking to) a well-conceived business plan. It allows for careful consideration of ideas before significant investment, highlights potential obstacles to success, and provides a tool for seeking objective feedback from trusted outsiders. A business plan may also help ensure that a company’s executive team remains aligned on strategic action items and priorities.

While business plans vary widely, even among competitors in the same industry, they often share basic elements detailed below.

A well-crafted business plan is essential for attracting investors and guiding a company's strategic growth. It should address market needs and investor requirements and provide clear financial projections.

While there are any number of templates that you can use to write a business plan, it's best to try to avoid producing a generic-looking one. Let your plan reflect the unique personality of your business.

Many business plans use some combination of the sections below, with varying levels of detail, depending on the company.

The length of a business plan can vary greatly from business to business. Regardless, gathering the basic information into a 15- to 25-page document is best. Any additional crucial elements, such as patent applications, can be referenced in the main document and included as appendices.

Common elements in many business plans include:

• Executive summary : This section introduces the company and includes its mission statement along with relevant information about the company's leadership, employees, operations, and locations.
• Products and services : Describe the products and services the company offers or plans to introduce. Include details on pricing, product lifespan, and unique consumer benefits. Mention production and manufacturing processes, relevant patents , proprietary technology , and research and development (R&D) information.
• Market analysis : Explain the current state of the industry and the competition. Detail where the company fits in, the types of customers it plans to target, and how it plans to capture market share from competitors.
• Marketing strategy : Outline the company's plans to attract and retain customers, including anticipated advertising and marketing campaigns. Describe the distribution channels that will be used to deliver products or services to consumers.
• Financial plans and projections : Established businesses should include financial statements, balance sheets, and other relevant financial information. New businesses should provide financial targets and estimates for the first few years. This section may also include any funding requests.

Investors want to see a clear exit strategy, expected returns, and a timeline for cashing out. It's likely a good idea to provide five-year profitability forecasts and realistic financial estimates.

2 Types of Business Plans

Business plans can vary in format, often categorized into traditional and lean startup plans. According to the U.S. Small Business Administration (SBA) , the traditional business plan is the more common of the two.

• Traditional business plans : These are detailed and lengthy, requiring more effort to create but offering comprehensive information that can be persuasive to potential investors.
• Lean startup business plans : These are concise, sometimes just one page, and focus on key elements. While they save time, companies should be ready to provide additional details if requested by investors or lenders.

Why Do Business Plans Fail?

A business plan isn't a surefire recipe for success. The plan may have been unrealistic in its assumptions and projections. Markets and the economy might change in ways that couldn't have been foreseen. A competitor might introduce a revolutionary new product or service. All this calls for building flexibility into your plan, so you can pivot to a new course if needed.

How Often Should a Business Plan Be Updated?

How frequently a business plan needs to be revised will depend on its nature. Updating your business plan is crucial due to changes in external factors (market trends, competition, and regulations) and internal developments (like employee growth and new products). While a well-established business might want to review its plan once a year and make changes if necessary, a new or fast-growing business in a fiercely competitive market might want to revise it more often, such as quarterly.

What Does a Lean Startup Business Plan Include?

The lean startup business plan is ideal for quickly explaining a business, especially for new companies that don't have much information yet. Key sections may include a value proposition , major activities and advantages, resources (staff, intellectual property, and capital), partnerships, customer segments, and revenue sources.

A well-crafted business plan is crucial for any company, whether it's a startup looking for investment or an established business wanting to stay on course. It outlines goals and strategies, boosting a company's chances of securing funding and achieving growth.

As your business and the market change, update your business plan regularly. This keeps it relevant and aligned with your current goals and conditions. Think of your business plan as a living document that evolves with your company, not something carved in stone.

University of Oregon Department of Economics. " Evaluation of the Effectiveness of Business Planning Using Palo Alto's Business Plan Pro ." Eason Ding & Tim Hursey.

Bplans. " Do You Need a Business Plan? Scientific Research Says Yes ."

Harvard Business Review. " Research: Writing a Business Plan Makes Your Startup More Likely to Succeed ."

Harvard Business Review. " How to Write a Winning Business Plan ."

U.S. Small Business Administration. " Write Your Business Plan ."

SCORE. " When and Why Should You Review Your Business Plan? "

• Terms of Service
• Editorial Policy
• Privacy Policy

• Credit cards
• View all credit cards
• Banking guide
• Loans guide
• Insurance guide
• Personal finance
• View all personal finance
• Small business
• Small business guide
• View all taxes

You’re our first priority. Every time.

We believe everyone should be able to make financial decisions with confidence. And while our site doesn’t feature every company or financial product available on the market, we’re proud that the guidance we offer, the information we provide and the tools we create are objective, independent, straightforward — and free.

So how do we make money? Our partners compensate us. This may influence which products we review and write about (and where those products appear on the site), but it in no way affects our recommendations or advice, which are grounded in thousands of hours of research. Our partners cannot pay us to guarantee favorable reviews of their products or services. Here is a list of our partners .

16 Important Legal Requirements for Starting a Small Business

Many, or all, of the products featured on this page are from our advertising partners who compensate us when you take certain actions on our website or click to take an action on their website. However, this does not influence our evaluations. Our opinions are our own. Here is a list of our partners and here's how we make money .

Starting a new business is a challenging pursuit. Part of what makes it so complicated is all the legal implications that come with starting a business. As a business owner, you want to make sure you have covered all your legal bases to avoid any fines, lawsuits, or—worst case—even jail time.

Fortunately, there are plenty of legal resources available to small businesses both online and through hired legal counsel. Use this list as a jumping off point, covering the legal requirements for starting a small business. Checking these off your to-do list will help you ensure that you don't run afoul of any laws. The sooner you take care of these things, the sooner you can focus on what you do best—selling your product or service.

LLC Formation

$0 + state fees  

16 legal requirements for starting a small business

1. designate the proper business entity..

First things first. Choose the proper business entity or structure for your startup. This is crucial because it affects your personal liability, what you pay in taxes, and your fundraising ability. Possible structures include sole proprietorship, general and limited partnership, C-corporation, S-corporation, and limited liability company. Once you decide which structure is best for your company, you need to officially designate it through your secretary of state.

Most small businesses start out as sole proprietorships or partnerships because these require minimal paperwork and set up time. However, these types of businesses also don't offer sufficient liability protection for business owners. A corporation or LLC is generally a better choice as your business grows, particularly if you're planning to secure a business loan or raise venture capital.

» MORE: LLC vs. corporation

2. Check which licenses, permits, and registrations your business needs.

Depending on your type of business and where it’s located, you might need specific business licenses and permits from your country, state, county, or city. Licenses, permits, and registrations come in many variations. Examples include local business licenses, building permits, health safety-related permits, permits for home-based businesses, fire permits, industry-related permits (like running a legal practice, hospitality, construction, or manufacturing business), liquor licenses, and more.

The possibilities are many, so make sure to do thorough research—perhaps with the help of your counsel—on what you need to be compliant with the law in your area. Your city or county's business licensing agency is also a good place to start.

3. Make sure you are paying proper business taxes.

Every business owner is legally required to pay taxes. This includes income tax, self-employment taxes, and for some businesses, sales tax. It's wise to hire an accountant or tax advisor to make sure you are compliant with all tax laws. Accounting software for startups can also help you figure when to file taxes and what forms you need to fill out.

Most small business owners can't wait until March or April to pay taxes. The IRS has a pay-as-you-go tax schedule for businesses, requiring business owners to pay estimated taxes on a quarterly basis. Make sure you check the IRS requirements for your business type to avoid any fines and back taxes.

4. Do proper bookkeeping.

In most places, you are obligated by law to record all business transactions according to a specific accounting method. See what’s required of you for your industry and location in terms of record-keeping obligations, and set up a proper filing and bookkeeping system for all documents and transactions. This will greatly help you down the line in doing taxes or if you ever run into other legal troubles.

5. Get a founders agreement in writing.

If your business operates with multiple business owners, it’s important to make sure that each person knows and understands their rights and responsibilities in relation to the business. How this comes about depends on your business structure. If you form a corporation, you need a proper shareholder agreement and articles of incorporation. If you form an LLC, you will need articles of organization and an LLC operating agreement. You also need designated legal counsel to make sure the agreements and articles are sound.

6. Set a vesting schedule for all founders and early employees.

This is a practical measure many startups often overlook when they’re just starting out and excited about getting off the ground. But this will protect your business down the line and ensure a certain level of commitment each founder or early employee brings to the table.

Creating a vesting schedule upon incorporation states that stock ownership will vest over time, preventing investors from selling all their stock whenever they please. Note that most investors require this measure before they'll make any initial investments.

7. Get your employer identification number (EIN).

In order to open a corporate bank account and to properly file your business tax returns, many businesses need an employer identification number (EIN). You can easily request one for free from the IRS over the phone or by using an online application on the IRS website. Only sole proprietorships and single-member LLCs with no employees are exempt from this requirement.

You need the social security number of the person completing the form for the company (usually the president or CEO). Include information on your business entity and date of incorporation. Make sure to keep a signed copy of this application in your files.

8. Protect your intellectual property (IP).

Intellectual property is the bread and butter of many businesses. IP includes patents, copyrights, trademarks, and trade secrets as well. Be sure to file any patents as soon as possible—a process that can take more than five years. Protecting your intellectual property will be attractive to investors—but it will also help you sleep easier at night. Having exclusive rights to reproduce and display your work will make your life much, much easier down the line and ensure that no one tries to rip any IP rugs out from under you.

IP can be vastly complicated from a legal standpoint, so it might be wise to consult an experienced IP attorney who can help you through the process and provide you the greatest protection.

9. Classify your workers properly.

Many startups often misclassify their early employees. It’s important to know what kind of worker you’re hiring—essentially, the difference between an independent contractor vs. employee. This is important for tax reasons for both you and the employee and will help clarify what is and isn’t expected from you and the employee. If you misclassify an employee as an independent contractor, you could be on the hook for costly penalties and back wages.

10. Purchase workers' compensation insurance.

In all states but Texas, most businesses with employees are legally required to purchase workers' compensation insurance . Coverage should begin from the very first day your employee starts working. This insurance covers medical and legal costs associated with work-related employee injuries and illnesses. State laws about workers' compensation vary, so make sure you check your state's rules.

11. Make sure you’re in compliance with securities laws.

Founders and investors of LLCs, C-corporations, and partnerships are subject to federal and state securities laws. These laws were made to require companies to provide reliable and accurate information about their businesses to enable a fair market. They also protect from insider trading and trading fraud.

Failure to comply with these laws can result in the startup having to repurchase all of its shares at the issuance price, even if the company has lost all of its money.

12. Follow email regulations.

Email marketing is a huge part of many businesses. When you send emails to your customers or when you are targeting potential customers via email campaigns, you need to find out what the applicable email regulations are. Note that each country has its own set of rules.

Aspects covered by these rules generally include opt-in versus opt-out, B2B or B2C emails, unsubscribe rules, and minimum information to be included in your emails.

13. Make sure your investors are accredited.

The current definition of an accredited investor under the Securities and Exchange Commission rules includes eight categories of investors, but the most general investor accreditation means that the person:

Has at least $1 million in the bank

Has at least $200,000 in annual income

Understands and is willing to take the investment risk

The SEC has guidelines for what constitutes “reasonable efforts” on these accounts. It’s possible to raise funds outside the narrow limitation of accredited investors, but it will open up a Pandora’s box in terms of securities and compliance enforcement. So, if you want to be the most legally sound you can possibly be, go through accredited investors.

14. Establish a privacy policy.

A privacy policy is a legal statement that specifies what a business does with the personal data collected from users or customers, along with how the data is processed and why. Violation of privacy laws can lead to criminal liability—depending on your state, this can mean hefty fines—so it’s important that startups have proper privacy policies in place and carefully adhere to them. The Small Business Administration has a great guide for establishing an appropriate privacy policy for your business.

15. Create a company handbook.

Once you have all the legal headaches sorted out and sounded, make sure everyone in the company is aware and understands your company’s legal liabilities just as well as you do—as a business owner, you could be liable for anything your employees do while representing your organization.

Company or employee handbooks are a great way to instill the values and legal boundaries of your company. It can also help to establish what is and isn’t appropriate behavior internally and externally. Have your legal counsel look this over well or even help you write it, and then get the company together to go over the material.

16. Hire competent legal counsel.

In case this hasn’t been clear throughout, work with lawyers on these complicated legal issues from the start. Startups are often so concerned about expenses that they overlook the importance of sound legal advice that could save them thousands, if not millions, down the line. You really can’t put a price on having the right attorneys on your side.

Ideally, you’ll hire an experienced business attorney on employment law, contract law, securities law, and intellectual property law. You could hire a “general counsel” on your staff at some point, but it’s common for the work to be spread out between different firms and attorneys. The cost is worth avoiding any legal trouble.

The bottom line

Starting a business is hard—don’t let anyone tell you otherwise. But if you are meticulous about getting your startup legal checklist in order, you’ll save yourself from some serious headaches down the line. Some of these items are things you can take care of yourself. But for more complicated tasks, or if you run into questions, it's important to hire a competent attorney to help you.

This article originally appeared on JustBusiness, a subsidiary of NerdWallet.

On a similar note...

What to Know About Business Laws, Lawyers, and Lawsuits

3 min. read

Updated January 5, 2024

Did you know that over 75% of small business owners are concerned about being targeted for a lawsuit? With 43% of small businesses being threatened with a lawsuit yearly and the average liability suit costing at least $54,000, this fear may not be unfounded. 

However, you can minimize this risk and not have to spend time worrying about litigation by being proactive and informed.

In this quick guide, we’ll cover the basics of business laws, when to pursue legal assistance from a business attorney or law firm, and what happens if you’re hit with a lawsuit.

*Disclaimer: All content in this guide is intended to be general information, and nothing constitutes legal advice. Please consult an attorney before making any intellectual property or other legal decisions.

• What is small business law?

Small business law refers to the collection of legal rules, regulations, and practices that govern small businesses’ formation, operation, and dissolution.

How important are business laws for new entrepreneurs?

A basic understanding of state and federal business laws ensures that you operate within legal boundaries and prevent costly fines or legal disputes. 

Knowing relevant business laws helps you make informed decisions, avoid common legal pitfalls, and build trust and credibility with customers, stakeholders, and the broader community. 

Your goal should be to have a foundational knowledge of business laws. You don’t need to be a legal expert. Instead, recognize when to consult legal professionals for detailed advice or clarification. 

Regularly attending workshops, joining business associations, and staying updated with industry news can also help you stay informed.

• Small business lawyers and attorneys

Small business lawyers are pivotal in guiding businesses through the sea of laws and regulations. 

They can offer advice, draft contracts, and ensure that your business remains on the right side of the law.

Do you need a business lawyer?

Small businesses do not always need to retain a lawyer, but legal advice can be vital during complex situations like drafting contracts or handling disputes. 

Taking a proactive approach by consulting with a lawyer regularly can prevent potential issues and ensure compliance. 

While hiring an attorney might seem like an added expense, the benefits often outweigh the costs. Think of it as an investment. You can save significantly by spending now, avoiding fines, lawsuits, and other legal complications.

Dig Deeper:

How a lawyer can help your business

Learn from real-world entrepreneurs how you can benefit from hiring legal services.

How to pick the right attorney for your business

Not all lawyers are created equal. When seeking a small business attorney, finding someone with experience in your industry and a deep understanding of the specific challenges you might face is crucial.

Brought to you by

Create a professional business plan

Using ai and step-by-step instructions.

Secure funding

Validate ideas

Build a strategy

• Small business lawsuits

No business, regardless of its size, is immune to lawsuits. From employee disputes to customer complaints—lawsuits arise from various situations. Being prepared and informed is your best defense.

What happens if your small business gets sued?

If your business faces a lawsuit:

• Remain calm
• Gather necessary documents
• Seek legal advice to strategize 

Lawsuits can bring financial and reputational challenges, so it’s vital to comprehend the consequences and aim for a resolution that safeguards your business. 

After resolving the lawsuit, reflect on the experience to enhance business operations, communication, and contracts to ensure you’re better prepared.

Dig Deeper: 5 common workplace lawsuits and how to avoid them

Complete the necessary legal requirements

Knowing the basics of small business laws is essential for every entrepreneur. You can avoid any nasty legal surprises by being informed, proactive, and seeking the proper legal counsel.

Part of being proactive is checking off all the legal requirements necessary to start a business. While you can complete most of these in any order, here are a few suggestions.

• Apply for a state and federal tax ID
• Obtain licenses and permits
• Select your business structure
• Complete a partnership agreement
• Create the appropriate contracts for employees and contractors
• Protect your ideas and intellectual property

2023 Small Business Statistics

Kody Wirth is a content writer and SEO specialist for Palo Alto Software—the creator's of Bplans and LivePlan. He has 3+ years experience covering small business topics and runs a part-time content writing service in his spare time.

Table of Contents

• More legal requirements

Related Articles

6 Min. Read

How and Where to Obtain Business Licenses and Permits

17 Min. Read

The Legal Requirements to Start a Small Business in the UK Explained

4 Min. Read

How to Create a Business Partnership Agreement

3 Min. Read

3 Reasons Why You Shouldn’t Wait to Register for a DBA

The LivePlan Newsletter

Become a smarter, more strategic entrepreneur.

Your first monthly newsetter will be delivered soon..

Unsubscribe anytime. Privacy policy .

The quickest way to turn a business idea into a business plan

Fill-in-the-blanks and automatic financials make it easy.

No thanks, I prefer writing 40-page documents.

Discover the world’s #1 plan building software

Writing a business plan: Your step-by-step guide

Learn how to write a sound business plan to help set up your business for success.

Learning how to write a sound business plan is an essential first step toward creating a successful business. Simply put, a business plan outlines your business’s overall goals, strategies, and operations, providing a long-term vision and plan for your entire business. It’s not to be confused with a business proposal, which is a sales document that pitches a specific business idea or product to a potential client or investor. A business plan can help you clarify what you want to achieve and lay out exactly how to reach those goals. This, in turn, can help you motivate your team, promote your business, and make key decisions.

A strong business plan serves as an important communication tool to potential investors and lenders. It will allow you to articulate your current financial status, sources of revenue, and how you plan to meet revenue projections. Although a business plan isn’t always required when applying for all types of credit, it often plays a significant role in SBA loan applications . While no two business plans are alike, every plan should cover the following elements.

Executive summary: Define your business

Your plan’s executive summary is your chance to introduce the business — so it needs to be concise and compelling. The summary should give a brief recap of the history and background of your business in a manner that will make the reader want to learn more about your plan. Sometimes it’s helpful to write this last — after you’ve spent some time contemplating and articulating all the details of your business.

Company summary: Delve into the details

Your business plan should explain what your product or service is and why people and businesses will want to purchase it. Be sure to highlight areas where your product or service has a clear advantage over the competition. Also, include details about pending or established copyrights or trademarks, and present or future plans for research and development (R&D).

Market analysis: Outline your strategy

A market analysis centers on the marketability of your business, who your competitors are and how you fit into the competitive landscape. In the analysis, give detailed information about your business’s industry, including the size of the market, your target market, the market need, and barriers to entry such as supply issues and regulation. Also, include information on any market tests you have conducted and identify your direct and indirect competition.

Marketing plan: Identify your niche

Here, you’ll highlight how you plan to promote your business and generate revenue. Describe in detail what your product or service does and how it will help consumers. Explain how your product is unique from others on the market, and how you will promote your business and generate revenue. Also, provide details about the product life cycle and any intellectual property issues. (Note: Some of this may reiterate or expand upon information elsewhere in your business plan.) You can protect your intellectual property , which can include names, designs and automated process, through trademarks, copyrights, non-disclosure agreements and more.

Management overview: Introduce your leaders

To highlight your human capital, describe how your business will be organized in terms of structure and leadership. Let your reader know who does what and what qualifications they have. Summarize this in your writeup, but consider providing relevant resumes, too.

Financial summary: Develop your financial plan

The financial summary, which includes details about your company’s funding sources, existing debt, any grants , as well as financial analysis, are crucial areas to lay out in detail. Explain the amount of funding your business needs and provide supporting financial data as well as financial projections . Include documents that communicate your business’s current financial status, such as income statements, balance sheets , and cash flow statements. List your expectations for revenues as well as the cost of your goods, rent, fuel, utilities, salaries, and other expenses.

The final step: Organize it logically

There are many ways you can organize the information mentioned above so you can share it with potential investors and lenders, current and prospective team members and managers, and anyone else who needs to understand your vision.

Do your research and find a business plan format that works for your business. There can be different types of plans for different types of readers, i.e. investors vs. employees, so you can modify your plan depending on your audience.

A few things to keep in mind:

• Make it easy to find key info . Create a cover page and table of contents, so information is easy to find. Also consider using dividers with tabs if you’re printing it out and putting it in a binder.
• Add more details as they emerge . Depending on what you do or sell, you may also want to add a section on Action Plans, which includes information on regulations, legal and compliance issues, safety processes, operational and management plans, an employee handbook, delineations of job descriptions of your staff, and anything else you’ve put on paper (or into a digital document).
• Consider using an Appendix . This is where you can store any supporting documents, including financial and market analyses, logo and branding examples, team resumes, and so on.

Your business plan should reflect changes in your business, the industry or the market. Make changes as necessary to incorporate the changing needs of customers or changing economic conditions in order to keep your plan current. Treating your business plan as a living document — and revising it regularly — can help you stay ahead of the competition and exceed your dreams.

Learn more:

For additional support, make an appointment with a Wells Fargo banker who can help you develop your business plan. There are also several resources available to get you started with your business and business plan. Here are a few:

• U.S. Small Business Administration
• America’s Small Business Development Centers Network
• SCORE Association

You might also like

A business owner’s guide to balance sheets

Preparing balance sheets can help attract investors by providing a clear picture of your financials.

Three key partners for managing your small business finances

Learn how your business can benefit from working with accountants, financial advisors, and bankers.

We’re here for you

Talk with a banker

Find products and services

More support.

Expand your business with interactive tools and knowledgeable partners ready to help

Work with Wells Fargo as a supplier

Learn about the broad range of opportunities we help provide diverse suppliers and how you can start working with us.

Funding for your business

Access funds for growth, cash flow or commercial reaI estate.

Move your business forward

Easy-to-use products, tools, and resources for small businesses

• Start free trial

Start selling with Shopify today

Start your free trial with Shopify today—then use these resources to guide you through every step of the process.

Business Plan: What It Is and How to Write One in 9 Steps

Business plans aren’t just for entrepreneurs who need to secure funding—they can help you plan and evaluate new ideas or growth plans, too. Find out how to write a business plan and get the most out of the process in this comprehensive guide.

A great business plan can help you clarify your strategy, identify potential roadblocks, determine necessary resources, and evaluate the viability of your idea and growth plan before you start a business .

Not every successful business launches with a formal business plan, but many founders find value in the process. When you make a business plan, you get to take time to step back, research your idea and the market you’re looking to enter, and understand the scope and the strategy behind your tactics.

Learn how to write a business plan with this step-by-step guide, including tips for getting the most of your plan and real business plan examples to inspire you.

What is a business plan?

A business plan is a strategic document that outlines a company’s goals, strategies for achieving them, and the time frame for their achievement. It covers aspects like market analysis , financial projections, and organizational structure. Ultimately, a business plan serves as a roadmap for business growth and a tool to secure funding.

Often, financial institutions and investors need to see a business plan before funding any project. Even if you don’t plan to seek outside funding, a well-crafted plan becomes the guidance for your business as it scales.

The key components of a business plan

Putting together a business plan will highlight the parts of your company’s strategy and goals. It involves several key business plan components that work together to show the roadmap to your success.

Your business plan’s key components should include: 

• Executive summary: A brief overview of your entire plan.
• Company description: An explanation of what your business does and why it’s unique. 
• Market analysis: Research on your industry, target market, and competitors.
• Organization and management: Details about your business structure and the people running it.
• Products or services: A description of what you’re selling and how it benefits customers. 
• Customer segmentation: A breakdown of your target market into different groups.
• Marketing and sales plan: The strategy for promoting and selling your products and services.
• Logistics and operations: An overview of how your business will run its daily activities and manage resources.
• Financials: A complete look at projected income, expenses, and funding needs. 

How to write a business plan in 9 steps

• Draft an executive summary
• Write a company description
• Perform a market analysis
• Outline the management and organization
• List your products and services
• Perform customer segmentation
• Define a marketing plan
• Provide a logistics and operations plan
• Make a financial plan

Few things are more intimidating than a blank page. Starting your business plan with a structured outline and key elements for what you’ll include in each section is the best first step you can take.

Since an outline is such an important step in the process of writing a business plan, we’ve put together a high-level overview to get you started (and help you avoid the terror of facing a blank page).

Once you have your business plan template in place, it’s time to fill it in. We’ve broken it down by section to help you build your plan step by step.

1. Draft an executive summary

A good executive summary is one of the most crucial sections of your business plan—it’s also the last section you should write.

The executive summary distills everything that follows and gives time-crunched reviewers (e.g., potential investors and lenders) a high-level overview of your business that persuades them to read further.

Again, it’s a summary, so highlight the key points you’ve uncovered while writing your plan. If you’re writing for your own planning purposes, you can skip the summary altogether—although you might want to give it a try anyway, just for practice.

An executive summary shouldn’t exceed one page. Admittedly, that space constraint can make squeezing in all of the salient information a bit stressful—but it’s not impossible. 

Your business plan’s executive summary should include:

• Business concept. What does your business do?
• Business goals and vision. What does your business want to accomplish?
• Product description and differentiation. What do you sell, and why is it different?
• Target market. Who do you sell to?
• Marketing strategy. How do you plan on reaching your customers?
• Current financial state. What do you currently earn in revenue?
• Projected financial state. What do you foresee earning in revenue?
• The ask. How much money are you asking for?
• The team. Who’s involved in the business?

2. Write a company description

This section of your business plan should answer two fundamental questions: 

• Who are you?
• What do you plan to do? 

Answering these questions with a company description provides an introduction to why you’re in business, why you’re different, what you have going for you, and why you’re a good investment. 

For example, clean makeup brand Saie shares a letter from its founder on the company’s mission and why it exists.

Clarifying these details is still a useful exercise, even if you’re the only person who’s going to see them. It’s an opportunity to put to paper some of the more intangible facets of your business, like your principles, ideals, and cultural philosophies.

Here are some of the components you should include in your company description:

• Your business structure (Are you a sole proprietorship, general partnership, limited partnership, or incorporated company?)
• Your business model
• Your industry
• Your business’s vision, mission, and value proposition
• Background information on your business or its history
• Business objectives, both short and long term
• Your team, including key personnel and their salaries

Brand values and goals

To define your brand values , think about all the people your company is accountable to, including owners, employees, suppliers, customers, and investors. Now consider how you’d like to conduct business with each of them. As you make a list, your core values should start to emerge.

Your company description should also include both short- and long-term goals. Short-term goals, generally, should be achievable within the next year, while one to five years is a good window for long-term goals. Make sure your goal setting includes SMART goals : specific, measurable, attainable, realistic, and time-bound.

Vision and mission statements

Once you know your values, you can write a mission statement . Your statement should explain, in a convincing manner, why your business exists, and should be no longer than a single sentence.

Next, craft your vision statement : What impact do you envision your business having on the world once you’ve achieved your vision? Phrase this impact as an assertion—begin the statement with “We will” and you’ll be off to a great start. Your vision statement, unlike your mission statement, can be longer than a single sentence, but try to keep it to three at most. The best vision statements are concise.

3. Perform a market analysis

Market analysis is a key section of your business plan, whether or not you ever intend for anyone else to read it.

No matter what type of business you start, whether a home-based business or service-based, it’s no exaggeration to say your market can make or break it. Choose the right market for your products—one with plenty of customers who understand and need your product—and you’ll have a head start on success. 

If you choose the wrong market, or the right market at the wrong time, you may find yourself struggling for each sale. Your market analysis should include an overview of how big you estimate the market is for your products, an analysis of your business’s position in the market, and an overview of the competitive landscape. Thorough research supporting your conclusions is important both to persuade investors and to validate your own assumptions as you work through your plan.

How big is your potential market?

The potential market is an estimate of how many people need your product. While it’s exciting to imagine sky-high sales figures, you’ll want to use as much relevant independent data as possible to validate your estimated potential market.

Since this can be a daunting process, here are some general tips to help you begin your research:

• Understand your ideal customer profile. Look for government data about the size of your target market , learn where they live, what social channels they use, and their shopping habits.
• Research relevant industry trends and trajectory. Explore consumer trends and product trends in your industry by looking at Google Trends, trade publications, and influencers in the space.
• Make informed guesses. You’ll never have perfect, complete information about your total addressable market. Your goal is to base your estimates on as many verifiable data points as necessary.

Some sources to consult for market data include government statistics offices, industry associations, academic research, and respected news outlets covering your industry.

Read more: What is a Marketing Analysis? 3 Steps Every Business Should Follow

SWOT analysis

A SWOT analysis looks at your strengths, weaknesses, opportunities, and threats. 

That involves asking questions like: 

• What are the best things about your company? 
• What are you not so good at? 
• What market or industry shifts can you take advantage of and turn into opportunities? 
• Are there external factors threatening your ability to succeed?

SWOT is often depicted in a grid or otherwise visual way. With this visual presentation, your reader can quickly see the factors that may impact your business and determine your competitive advantage in the market.

Competitive analysis

There are three overarching factors you can use to differentiate your business in the face of competition:

• Cost leadership. You have the capacity to maximize profits by offering lower prices than the majority of your competitors. Examples include companies like Mejuri and Endy .
• Differentiation. Your product or service offers something distinct from the current cost leaders in your industry and banks on standing out based on your uniqueness. Think of companies like Knix and QALO .
• Segmentation. You focus on a very specific, or niche, target market, and aim to build traction with a smaller audience before moving on to a broader market. Companies like TomboyX and Heyday Footwear are great examples of this strategy.

To understand which is the best fit, you’ll need to understand your business as well as the competitive landscape.

You’ll always have competition in the market, even with an innovative product, so it’s important to include a competitive overview in your business plan. If you’re entering an established market, include a list of a few companies you consider direct competitors and explain how you plan to differentiate your products and business from theirs.

For example, if you’re selling jewelry , your competitive differentiation could be that, unlike many high-end competitors, you donate a percentage of your profits to a notable charity or pass savings on to your customers.

If you’re entering a market where you can’t easily identify direct competitors, consider your indirect competitors—companies offering products that are substitutes for yours. For example, if you’re selling an innovative new piece of kitchen equipment, it’s too easy to say that because your product is new, you have no competition. Consider what your potential customers are doing to solve the same problems.

4. Outline the management and organization

The management and organization section of your business plan should tell readers about who’s running your company. Detail the legal structure of your business. Communicate whether you’ll incorporate your business as an S corporation or create a limited partnership or sole proprietorship.

If you have a management team, use an organizational chart to show your company’s internal structure, including the roles, responsibilities, and relationships between people in your chart. Communicate how each person will contribute to the success of your startup.

5. List your products and services

Your products or services will feature prominently in most areas of your business plan, but it’s important to provide a section that outlines key details about them for interested readers.

If you sell many items, you can include more general information on each of your product lines. If you only sell a few, provide additional information on each. 

For example, bag shop BAGGU sells a large selection of different types of bags, in addition to home goods and other accessories. Its business plan would list out those categories and key details about the products within each category.

Describe new products you’ll launch in the near future and any intellectual property you own. Express how they’ll improve profitability. It’s also important to note where products are coming from—handmade crafts are sourced differently than trending products for a dropshipping business, for instance.

6. Perform customer segmentation

Your ideal customer, also known as your target market, is the foundation of your marketing plan , if not your business plan as a whole. 

You’ll want to keep this buyer persona in mind as you make strategic decisions, which is why an overview of who they are is important to understand and include in your business plan.

To give a holistic overview of your ideal customer, describe a number of general and specific demographic characteristics. Customer segmentation often includes:

• Where they live
• Their age range
• Their level of education
• Some common behavior patterns
• How they spend their free time
• Where they work
• What technology they use
• How much they earn
• Where they’re commonly employed
• Their values, beliefs, or opinions

This information will vary based on what you’re selling, but you should be specific enough that it’s unquestionably clear who you’re trying to reach—and more importantly, why you’ve made the choices you have based on who your customers are and what they value.

For example, a college student has different interests, shopping habits, and pricing sensitivity than a 50-year-old executive at a Fortune 500 company. Your business plan and decisions would look very different based on which one was your ideal customer.

Put your customer data to work with Shopify’s customer segmentation

Shopify’s built-in segmentation tools help you discover insights about your customers, build segments as targeted as your marketing plans with filters based on your customers’ demographic and behavioral data, and drive sales with timely and personalized emails.

7. Define a marketing plan

Your marketing efforts are directly informed by your ideal customer. That’s why, as you outline your current decisions and future strategy, your marketing plan should keep a sharp focus on how your business idea is a fit for that ideal customer.

If you’re planning to invest heavily in Instagram marketing or TikTok ads , for example, it makes sense to include whether Instagram and TikTok are leading platforms for your audience. If the answer is no, that might be a sign to rethink your marketing plan.

Market your business with Shopify’s customer marketing tools

Shopify has everything you need to capture more leads, send email campaigns, automate key marketing moments, segment your customers, and analyze your results. Plus, it’s all free for your first 10,000 emails sent per month.

Most marketing plans include information on four key subjects. How much detail you present on each will depend on both your business and your plan’s audience.

• Price: How much do your products cost, and why have you made that decision?
• Product: What are you selling and how do you differentiate it in the market?
• Promotion: How will you get your products in front of your ideal customer?
• Place: Where will you sell your products? On what channels and in which markets?

Promotion may be the bulk of your plan, since you can more readily dive into tactical details, but the other three areas should be covered at least briefly—each is an important strategic lever in your marketing mix.

8. Provide a logistics and operations plan

Logistics and operations are the workflows you’ll implement to make your business idea a reality. If you’re writing a business plan for your own planning purposes, this is still an important section to consider, even though you might not need to include the same level of detail as if you were seeking investment.

Cover all parts of your planned operations, including:

• Suppliers. Where do you get the raw materials you need for production, or where are your products produced?
• Production. Will you make, manufacture, wholesale , or dropship your products? How long does it take to produce your products and get them shipped to you? How will you handle a busy season or an unexpected spike in demand?
• Facilities. Where will you and any team members work? Do you plan to have a physical retail space? If yes, where?
• Equipment. What tools and technology do you require to be up and running? This includes everything from software to lightbulbs and everything in between.
• Shipping and fulfillment. Will you be handling all the fulfillment tasks in-house, or will you use a third-party fulfillment partner?
• Inventory. How much will you keep on hand, and where will it be stored? How will you ship it to partners if required, and how will you approach inventory management ?

This section should signal to your reader that you’ve got a solid understanding of your supply chain, with strong contingency plans in place to cover potential uncertainty. If your reader is you, it should give you a basis to make other important decisions, like how to price your products to cover your estimated costs, and at what point you anticipate breaking even on your initial spending.

9. Make a financial plan

No matter how great your idea is—and regardless of the effort, time, and money you invest—a business lives or dies based on its financial health. At the end of the day, people want to work with a business they expect to be viable for the foreseeable future.

The level of detail required in your financial plan will depend on your audience and goals, but typically you’ll want to include three major views of your financials: an income statement, a balance sheet, and a cash-flow statement. It also may be appropriate to include financial data and projections.

Here’s a spreadsheet template that includes everything you’ll need to create an income statement, balance sheet, and cash-flow statement, including some sample numbers. You can edit it to reflect projections if needed.

Let’s review the types of financial statements you’ll need.

Income statements

Your income statement is designed to give readers a look at your revenue sources and expenses over a given time period. With those two pieces of information, they can see the all-important bottom line or the profit or loss your business experienced during that time. If you haven’t launched your business yet, you can project future milestones of the same information.

Balance sheets

Your balance sheet offers a look at how much equity you have in your business. On one side, you list all your business assets (what you own), and on the other side, all your liabilities (what you owe). 

This provides a snapshot of your business’s shareholder equity, which is calculated as:

Assets - Liabilities = Equity

Cash flow statements

Your cash flow statement is similar to your income statement, with one important difference: it takes into account when revenues are collected and when expenses are paid.

When the cash you have coming in is greater than the cash you have going out, your cash flow is positive. When the opposite scenario is true, your cash flow is negative. Ideally, your cash flow statement will help you see when cash is low, when you might have a surplus, and where you might need to have a contingency plan to access funding to keep your business solvent .

It can be especially helpful to forecast your cash-flow statement to identify gaps or negative cash flow and adjust operations as required.

📚 Read more: Cash Flow Management: What It Is & How To Do It (+ Examples)

Why write a business plan?

Investors rely on business plans to evaluate the feasibility of a business before funding it, which is why business plans are commonly associated with getting a business loan. 

Business plans also help owners identify areas of weakness before launching, potentially avoiding costly mistakes down the road. “Laying out a business plan helped us identify the ’unknowns’ and made it easier to spot the gaps where we’d need help or, at the very least, to skill up ourselves,” says Jordan Barnett, owner of Kapow Meggings .

There are several other compelling reasons to consider writing a business plan, including:

• Strategic planning. Writing out your plan is an invaluable exercise for clarifying your ideas and can help you understand the scope of your business, as well as the amount of time, money, and resources you’ll need to get started.
• Evaluating ideas. If you’ve got multiple ideas in mind, a rough business plan for each can help you focus your time and energy on the ones with the highest chance of success.
• Research. To write a business plan, you’ll need to research your ideal customer and your competitors—information that will help you make more strategic decisions.
• Recruiting. Your business plan is one of the easiest ways to communicate your vision to potential new hires and can help build their confidence in the venture, especially if you’re in the early stages of growth.
• Partnerships. If you plan to collaborate with other brands , having a clear overview of your vision, your audience, and your business strategy will make it much easier for them to identify if your business is a good fit for theirs.
• Competitions. There are many business plan competitions offering prizes such as mentorships, grants, or investment capital. 

If you’re looking for a structured way to lay out your thoughts and ideas, and to share those ideas with people who can have a big impact on your success, making a business plan is an excellent starting point.

Business plan types

Business plan types can span from one page to multiple pages, with detailed graphs and reports. There’s no one right way to create a business plan. The goal is to convey the most important information about your company for readers.

Common business plans we see include, but are not limited to, the following types:

Traditional business plans

These are the most common business plans. Traditional business plans take longer to write and can be dozens of pages long. Venture capitalist firms and lenders ask for this plan. Traditional business plans may not be necessary if you don’t plan to seek outside funding. That’s where a lean business plan comes in.

Lean business plans

A lean business plan is a shorter version of a traditional business plan. It follows the same format, but only includes the most important information. Businesses use lean business plans to onboard new hires or modify existing plans for a specific target market. If you want to write a business plan purely for your own planning purposes when starting a new small business, a lean business plan is typically the way to go. 

Nonprofit business plans

A nonprofit business plan is for any entity that operates for public or social benefit. It covers everything you’ll find in a traditional business plan, plus a section describing the impact the company plans to make. For example, a speaker and headphone brand would communicate that they aim to help people with hearing disabilities. Donors often request this type of business plan.

📚 Read more: 7 Business Plan Examples to Inspire Your Own (2024)

7 tips for creating a small business plan

There are a few best practices when it comes to writing a business plan. While your plan will be unique to your business and goals, keep these tips in mind as you write.

1. Know your audience

When you know who will be reading your plan—even if you’re just writing it for yourself to clarify your ideas—you can tailor the language and level of detail to them. This can also help you make sure you’re including the most relevant information and figure out when to omit sections that aren’t as impactful.

2. Have a clear goal

When creating a business plan, you’ll need to put in more work and deliver a more thorough plan if your goal is to secure funding for your business, versus working through a plan for yourself or your team.

3. Invest time in research

Sections of your business plan will primarily be informed by your ideas and vision, but some of the most crucial information you’ll need requires research from independent sources. This is where you can invest time in understanding who you’re selling to, whether there’s demand for your products, and who else is selling similar products or services.

4. Keep it short and to the point

No matter who you’re writing for, your business plan should be short and readable—generally no longer than 15 to 20 pages. If you do have additional documents you think may be valuable to your audience and your goals, consider adding them as appendices.

5. Keep the tone, style, and voice consistent

This is best managed by having a single person write the plan or by allowing time for the plan to be properly edited before distributing it.

6. Use a business plan template

You can also use a free business plan template to provide a skeleton for writing a plan. These templates often guide you through each section—from financial projects to market research to mission statement—ensuring you don’t miss a step.

7. Try business plan software

Writing a business plan isn’t the easiest task for business owners. But it’s important for anyone starting or expanding a business. 

Fortunately, there are tools to help with everything from planning, drafting, creating graphics, syncing financial data, and more. Business plan software also has business plan templates and tutorials to help you finish a comprehensive plan in hours, rather than days.

A few curated picks include:

• LivePlan : the most affordable option with samples and templates
• Bizplan : tailored for startups seeking investment
• Go Small Biz : budget-friendly option with industry-specific templates

📚 Read more:  6 Best Business Plan Software Platforms (2024)

Common mistakes when writing a business plan

Other articles on business plans would never tell you what we’re about to tell you: Your business plan can fail. 

The last thing you want is for time and effort to go down the drain, so avoid these common mistakes:

• Bad business idea. Sometimes your idea may be too risky for potential investors or too expensive to run, or there’s no market. Aim for small business ideas that require low startup costs.
• No exit strategy. If you don’t show an exit strategy, or a plan for investors to leave the business with maximum profits, you’ll have little luck securing capital.
• Unbalanced teams. A great product is the cost of entry to starting a business. But an incredible team will take it to the top. Unfortunately, many business owners overlook a balanced team. They focus on potential profits, without worrying about how it will be done operationally. 
• Missing financial projections. Don’t forget your balance sheet, cash flow statements, P&L statements, and income statements. Include your break-even analysis and return-on-investment calculations in your financial projections to create a successful business plan.
• Spelling and grammar errors. All the best organizations have an editor review their documents. If someone spots typos while reading your business plan, sloppy errors like those can evoke a larger sense of distrust in your capabilities to run a successful company. It may seem minor, but legibility and error-free writing helps make a good impression on your business plan’s audience. 

Updating and revising a business plan

Business plans aren’t static documents. The business world moves fast and your plan will need to keep up. You don’t want it to get stale. 

Here’s a good rule of thumb for business plan revisions:

• Monthly: Update KPIs like sales, website traffic, and customer acquisition costs. Review your cash flow. Is your money situation as expected? Make the necessary changes.
• Quarterly : Are you hitting your targets? Be sure to update your financial performance, successful marketing campaigns, and any other recent milestones achieved.
• Yearly : Think of this as a big overhaul. Compare projections to actuals and update your forecasts. 

When updating your plan, don’t just go with your gut. Use data like surveys and website analytics to inform each update. Using outdated information will only lead to confusion and missed opportunities.

Remember not to just update one part of your plan—it’s all connected. Fortunately, with business plan software you can easily give your plan attention and help your business thrive. 

How to present a business plan

Here are some tips for presenting your business plan to stakeholders.

Understand your audience

Start by doing homework on who you’ll be presenting to. Are they investors, potential partners, or a bank? Each group will have different interests and expectations. 

Consider the following about your presentation audience:

• Background: What’s their professional experience?
• Knowledge level: How familiar are they with your industry?
• Interests: What aspects of your plan will excite them most?
• Concerns: What might make them hesitant about your idea?

Depending on who you’re presenting to, you can tweak your presentation accordingly. For example, if you’re presenting to a group of investors, you’d probably want to highlight financial projections and market analysis. 

Structure your presentation

Once you know your audience, you can organize your presentation. Think of this as the story you’ll tell listeners. A well-structured presentation helps listeners follow along and remember key points. 

Your opening should grab attention and give a snapshot of what’s to come. It’s kind of like an elevator pitch that gives an overview of your business idea. 

From there, break your presentation into clear sections:

• Problem: What issue are you solving?
• Solution: How does your business address this problem?
• Market: Who are your potential customers?
• Competition: Who else is in this space, and how are you different?
• Business model: How will you make money?
• Financial projections: What are your expected costs and revenues?
• Team: Who’s involved, and what makes them qualified?

Use visual aids to support your points. Graphs, charts, and even simple illustrations can make your information more digestible. Remember to practice your timing, too. A good presentation flows smoothly, giving each section the right amount of attention for its intended audience. 

Handle objections and questions

Facing objections or questions can be nerve-wracking, but it’s actually a great opportunity. It shows your listeners are engaged and thinking critically about your idea. The key is to be prepared and stay calm. 

Try to anticipate potential questions. Put yourself in the listener’s shoes: What would you want to know if you were them? Come up with clear answers to these questions ahead of time.

When handling questions:

• Listen carefully: Make sure you fully understand the question before answering.
• Stay positive: Even if the question seems critical, respond with enthusiasm.
• Be honest: If you don’t know something, it’s OK. Offer to find out and follow up. 

Use questions as a way to highlight the strengths of your business plan. If a question needs more thought or refresh, it’s perfectly fine to say, “That’s a great question. I’d love to look further into it and get back to you with a detailed answer.”

Handling questions well shows that you’re knowledgeable, thoughtful, and open to feedback—all things that will impress listeners and make them feel confident in your business plan. 

Prepare your business plan today

A business plan can help you identify clear, deliberate next steps for your business, even if you never plan to pitch investors—and it can help you see gaps in your plan before they become issues. 

Whether you’re working on starting a new online business idea , building a retail storefront, growing your established business, or purchasing an existing business , you now understand how to write a business plan that suits your business’s goals and needs.

Feature illustration by Rachel Tunstall

• How to Start a Dropshipping Business- A Complete Playbook for 2024
• The Ultimate Guide To Dropshipping (2024)
• AliExpress Dropshipping- How to Dropship From AliExpress
• How to Start a Clothing Line in 12 Steps (2024)
• How To Source Products To Sell Online
• How To Do Crowdfunding: With Expert Tips and Examples From Successful Campaigns
• How to Start a Candle Business (with Examples)
• What Is Affiliate Marketing and How to Get Started
• Pinterest Marketing 101- How to Promote Your Business on Pinterest
• Getting Started on IG- A Beginner’s Guide to Instagram Marketing

Business plan FAQ

How do i write a business plan.

Learning how to write a business plan is simple if you use a business plan template or business plan software. Typically, a traditional business plan for every new business should have the following components:

• Executive summary
• Company description, including value proposition
• Market analysis and competitive analysis
• Management and organization
• Products and services
• Customer segmentation
• Marketing plan
• Logistics and operations
• Financial plan and financial projections

What is a good business plan?

A good business plan clearly communicates your company’s purpose, goals, and growth strategies. It starts with a strong executive summary, then adequately outlines idea feasibility, target market insights, and the competitive landscape. 

A business plan template can help businesses be sure to follow the typical format of traditional business plans, which also include financial projections, details about the management team, and other key elements that venture capital firms and potential investors want to see.

What are the 3 main purposes of a business plan?

The three main purposes of a business plan are: 

• To clarify your plans for growth
• To understand your financial needs
• To attract funding from investors or secure a business loan

What are the different types of business plans?

The types of business plans include startup, refocusing, internal, annual, strategic, feasibility, operations, growth, and scenario-based. Each type of business plan has a different purpose. Business plan formats include traditional, lean, and nonprofit. Find a business plan template for the type of plan you want to write.

Keep up with the latest from Shopify

Get free ecommerce tips, inspiration, and resources delivered directly to your inbox.

By entering your email, you agree to receive marketing emails from Shopify.

popular posts

The point of sale for every sale.

Subscribe to our blog and get free ecommerce tips, inspiration, and resources delivered directly to your inbox.

Unsubscribe anytime. By entering your email, you agree to receive marketing emails from Shopify.

Latest from Shopify

Sep 4, 2024

Learn on the go. Try Shopify for free, and explore all the tools you need to start, run, and grow your business.

Try Shopify for free, no credit card required.

• Name Search
• Browse Legal Issues
• Browse Law Firms

Business Laws and Regulations

By Jade Chounlamountry, Esq. | Legally reviewed by Aviana Cooper, Esq. | Last reviewed October 06, 2023

Editorial Note: We earn a commission from affiliate partner links on FindLaw. Commissions do not affect the editorial integrity of our legal content.

Legally Reviewed

This article has been written and reviewed for legal accuracy, clarity, and style by  FindLaw’s team of legal writers and attorneys  and in accordance with  our editorial standards .

Fact-Checked

The last updated date refers to the last time this article was reviewed by FindLaw or one of our  contributing authors . We make every effort to keep our articles updated. For information regarding a specific legal issue affecting you, please  contact an attorney in your area .

Navigating business laws and regulations is essential to running a successful enterprise. Business laws and regulations generally aim to:

• Ensure fair competition
• Protect consumers
• Promote economic stability

Compliance with these laws is essential for entrepreneurs and small-business owners.

This article provides a comprehensive overview of business laws and regulations. However, it's best to consult with an attorney if you have specific questions related to your business.

Understanding Business Laws

Business laws encompass a wide range of legal principles and rules that govern commercial activities. These laws exist at various levels, including local, state, national, and international.

Regulatory Authorities

Regulatory authorities are responsible for enforcing business laws and regulations. These authorities monitor compliance, investigate violations, and impose penalties for noncompliance. The specific regulatory bodies may vary depending on the jurisdiction and industry.

Government Regulations

At the federal level, various government agencies regulate business activities. These federal agencies ensure compliance with federal regulations, securities, competition, taxation, and more. Some examples include:

• Securities and Exchange Commission  (SEC)
• Federal Trade Commission  (FTC)
• Internal Revenue Service  (IRS)

State governments  regulate businesses within their jurisdiction. Regulations may vary from one locality to another. Here are some common ways state and local governments regulate businesses:

• Licensing and permits
• Zoning regulations
• Health and safety regulations
• Signage and advertising regulations
• Business taxation

Industry-Specific Regulations

Many regulatory bodies oversee compliance with specific laws and regulations. Some examples include:

• Food and Drug Administration  (FDA) regulates the pharmaceutical and food industries.
• Federal Communications Commission  (FCC) oversees telecommunications and broadcasting.

Federal and state tax codes impact all businesses, from sole proprietorships and startups to large corporations.  Taxes  shape their financial obligations and influence their overall operations.

At the federal level, businesses are subject to various  federal taxes . Some of these business taxes include income, payroll, and excise taxes. Business profits are subject to federal income tax.

Different tax rates apply to different types of business structures. Employment taxes include Social Security and Medicare taxes. These taxes are withheld from employee wages and matched by employers. Excise taxes apply to goods and services like fuel, tobacco, and alcohol.

State tax laws vary across jurisdictions. Businesses must follow state-level income, sales tax, and other applicable taxes. State tax rates and regulations differ, impacting businesses' tax liabilities and compliance requirements. Businesses must navigate complex federal and state tax laws. They must ensure accurate reporting, timely payments, and compliance with tax obligations.

When managing your tax responsibilities, it's essential to maintain detailed records. And in many cases, you'll want to seek professional tax advice to optimize your financial strategies.

Employment Laws

The United States  Department of Labor  (DOL) regulates many business activities. The DOL regulates employer/employee relations and workplace conditions. Complying with DOL regulations requires following regulations and labor laws relating to:

• Federal minimum wages and hours worked
• Benefits such as health insurance, retirement, and paid leave
• Hiring issues
• Termination issues
• Equal opportunity
• Workers' compensation
• Safety and health in the workplace
• Whistleblower and nonretaliation protections
• Plant closings and layoffs
• Unions and union members
• Recordkeeping

Immigration Law and Employment

When hiring foreign nationals, employers should consider several factors:

• Work authorization
• Visa sponsorship
• Labor certification (if needed)
• Cultural sensitivity and integration
• Compliance with anti-discrimination laws
• Training and support
• Renewals and visa updates
• Compliance with reporting obligations

Hiring foreign nationals or noncitizens might be the right move for your business. But it's important to ensure you comply with  immigration laws . Seeking advice from an immigration attorney ahead of time can help avoid headaches.

Environmental Regulations

Businesses are subject to federal, state, and local environmental regulations. The  Environmental Protection Agency  (EPA) enforces key federal laws, which include:

• Clean Air Act : Regulates air emissions from smokestacks and other sources (carbon dioxide, acid rain, ozone, etc.).
• Comprehensive Environmental Response, Compensation, and Liability Act (CERCLA) : Addresses the clean-up of abandoned or unmanaged hazardous waste sites.
• Endangered Species Act : Protects threatened or endangered plant and animal species.
• Occupational Safety and Health Administration  (OSHA): OSHA often addresses environmental issues (such as toxic substances in the workplace).
• Compliance Assistance

The  U.S. Small Business Administration  (SBA) is a government agency established to support and promote small businesses. The SBA plays a vital role in fostering the growth and success of small businesses. Some of the SBA's key initiatives are:

Access to Capital

The SBA facilitates access to capital through loan guarantee programs. This includes the  7(a) Loan Program , which provides loans to small businesses through approved lenders. The SBA guarantees a portion of the loan, reducing the risk for lenders and increasing access to funding for small businesses.

Business Counseling and Education

The SBA operates a network of chapters nationwide. These centers offer:

• Free or low-cost counseling
• Mentoring services to aspiring and existing small-business owners
• Guidance on business aspects, such as business planning, financial management, marketing, and procurement

Government Contracting Assistance

The SBA assists small businesses in accessing federal contracting opportunities. This includes certification programs for minority-owned, women-owned, veteran-owned, and disadvantaged businesses. The SBA also advocates for small business interests in federal procurement processes. They encourage government agencies to set aside contracts specifically for small businesses.

Disaster Assistance

In natural disasters or emergencies, the SBA provides low-interest disaster loans. These loans assist small businesses in recovering and rebuilding. They also help businesses cover repair and replacement costs for physical damage. The loans also provide working capital needs during recovery.

Advocacy and Policy

The SBA serves as an advocate for small businesses within the federal government. It represents the interests of small businesses in proposed rules or new regulations. The SBA provides research and analysis on policy issues affecting small-business owners. Then they communicate small business concerns to policymakers.

Small-business owners can use the SBA's programs and services to get help and guidance throughout their entrepreneurial journey.

Get Legal Help With Business Regulations

If you're facing legal challenges or need guidance in complex matters such as immigration, employment, or business law, don't hesitate to seek the assistance of an  experienced attorney . Their expertise and knowledge can provide invaluable support in navigating the legal landscape, ensuring compliance, and protecting your rights and interests. Take action today and consult a trusted attorney who can provide the guidance and advocacy you need.

• Environmental Laws Small Business Owners Should Know About
• Lessons Learned
• Hazardous Waste
• Marijuana and Other Highly Regulated Businesses
• How to Get Financing for a Marijuana Business
• Marijuana Business: Licenses, Permits, and Planning
• How To Hire Foreign Workers in the United States?
• Hiring Immigrant Workers
• Eligibility FAQs
• Non-Citizens Labor Certification
• Business Regulations
• Resources by State
• Business Torts
• Civil Conspiracy
• Fraudulent Misrepresentation
• Restraint of Trade

Popular Content

• Trade Libel
• Commercial Disparagement

Most Recent

• Hiring Immigrant Workers FAQs
• Labor Certification for Non-Citizens
• Workers Protection Standard (WPS): Protections for Farm Workers
• What Is Indoor Air Pollution?
• View All Business Laws

You Don’t Have To Solve This on Your Own – Get a Lawyer’s Help

Meeting with a lawyer can help you understand your options and how to best protect your rights. Visit our attorney directory to find a lawyer near you who can help.

FindLaw will earn a commission if you purchase business formation products through these affiliate links.

Meet FindLaw's trusted partner LegalZoom , the #1 online business formation provider

Kickstart your LLC in minutes!

Join the millions who launched their businesses with LegalZoom.

LLC plans start at $0 + state fees.

Prefer to work with a lawyer?

Find one right now.

Popular Directory Searches

• Contracts Attorneys
• Incorporation Lawyers
• Business Litigation Lawyers
• Intellectual Property Attorneys

Find a Lawyer

• Search Legal Resources
• Find Cases and Laws

• Search Search Please fill out this field.
• Building Your Business
• Becoming an Owner
• Business Plans

How to Write the Operations Plan Section of a Business Plan

Susan Ward wrote about small businesses for The Balance for 18 years. She has run an IT consulting firm and designed and presented courses on how to promote small businesses.

How to Write the Operations Plan Section of the Business Plan

Stage of development section, production process section, the bottom line, frequently asked questions (faqs).

The operations plan is the section of your business plan that gives an overview of your workflow, supply chains, and similar aspects of your business. Any key details of how your business physically produces goods or services will be included in this section.

You need an operations plan to help others understand how you'll deliver on your promise to turn a profit. Keep reading to learn what to include in your operations plan.

Key Takeaways

• The operations plan section should include general operational details that help investors understand the physical details of your vision.
• Details in the operations plan include information about any physical plants, equipment, assets, and more.
• The operations plan can also serve as a checklist for startups; it includes a list of everything that must be done to start turning a profit.

In your business plan , the operations plan section describes the physical necessities of your business's operation, such as your physical location, facilities, and equipment. Depending on what kind of business you'll be operating, it may also include information about inventory requirements, suppliers, and a description of the manufacturing process.

Staying focused on the bottom line will help you organize this part of the business plan.

Think of the operating plan as an outline of the capital and expense requirements your business will need to operate from day to day.

You need to do two things for the reader of your business plan in the operations section: show what you've done so far to get your business off the ground and demonstrate that you understand the manufacturing or delivery process of producing your product or service.

When you're writing this section of the operations plan, start by explaining what you've done to date to get the business operational, then follow up with an explanation of what still needs to be done. The following should be included:

Production Workflow

A high-level, step-by-step description of how your product or service will be made, identifying the problems that may occur in the production process. Follow this with a subsection titled "Risks," which outlines the potential problems that may interfere with the production process and what you're going to do to negate these risks. If any part of the production process can expose employees to hazards, describe how employees will be trained in dealing with safety issues. If hazardous materials will be used, describe how these will be safely stored, handled, and discarded.

Industry Association Memberships

Show your awareness of your industry's local, regional, or national standards and regulations by telling which industry organizations you are already a member of and which ones you plan to join. This is also an opportunity to outline what steps you've taken to comply with the laws and regulations that apply to your industry. 

Supply Chains

An explanation of who your suppliers are and their prices, terms, and conditions. Describe what alternative arrangements you have made or will make if these suppliers let you down.

Quality Control

An explanation of the quality control measures that you've set up or are going to establish. For example, if you intend to pursue some form of quality control certification such as ISO 9000, describe how you will accomplish this.

While you can think of the stage of the development part of the operations plan as an overview, the production process section lays out the details of your business's day-to-day operations. Remember, your goal for writing this business plan section is to demonstrate your understanding of your product or service's manufacturing or delivery process.

When writing this section, you can use the headings below as subheadings and then provide the details in paragraph format. Leave out any topic that does not apply to your particular business.

Do an outline of your business's day-to-day operations, including your hours of operation and the days the business will be open. If the business is seasonal, be sure to say so.

The Physical Plant

Describe the type, size, and location of premises for your business. If applicable, include drawings of the building, copies of lease agreements, and recent real estate appraisals. You need to show how much the land or buildings required for your business operations are worth and tell why they're important to your proposed business.

The same goes for equipment. Besides describing the equipment necessary and how much of it you need, you also need to include its worth and cost and explain any financing arrangements.

Make a list of your assets , such as land, buildings, inventory, furniture, equipment, and vehicles. Include legal descriptions and the worth of each asset.

Special Requirements

If your business has any special requirements, such as water or power needs, ventilation, drainage, etc., provide the details in your operating plan, as well as what you've done to secure the necessary permissions.

State where you're going to get the materials you need to produce your product or service and explain what terms you've negotiated with suppliers.

Explain how long it takes to produce a unit and when you'll be able to start producing your product or service. Include factors that may affect the time frame of production and describe how you'll deal with potential challenges such as rush orders.

Explain how you'll keep  track of inventory .

Feasibility

Describe any product testing, price testing, or prototype testing that you've done on your product or service.

Give details of product cost estimates.

Once you've worked through this business plan section, you'll not only have a detailed operations plan to show your readers, but you'll also have a convenient list of what needs to be done next to make your business a reality. Writing this document gives you a chance to crystallize your business ideas into a clear checklist that you can reference. As you check items off the list, use it to explain your vision to investors, partners, and others within your organization.

What is an operations plan?

An operations plan is one section of a company's business plan. This section conveys the physical requirements for your business's operations, including supply chains, workflow , and quality control processes.

What is the main difference between the operations plan and the financial plan?

The operations plan and financial plan tackle similar issues, in that they seek to explain how the business will turn a profit. The operations plan approaches this issue from a physical perspective, such as property, routes, and locations. The financial plan explains how revenue and expenses will ultimately lead to the business's success.

Developing a Plan for Compliance with Regulations

Fundrising Ready

MAC & PC Compatible

Immediate Download

Related Blogs

• Understanding Your Business Insurance Needs
• Creating a Bootstrap Business Plan
• Harnessing the Power of Critical Thinking for Business Plans
• Benefits of an Effective Business Plan
• Should You Hire an Accountant for Your Business?

In today's complex regulatory landscape, developing a robust compliance plan is essential for organizations striving to meet federal, state, and local regulations. Understanding the intricacies of these requirements not only mitigates risks but also fosters a culture of accountability and integrity. By prioritizing compliance, businesses can enhance their reputation and drive sustainable growth.

What are the key regulations that impact our industry?

Identify federal, state, and local regulations.

Understanding the landscape of compliance regulations begins with identifying the various levels of regulations that affect your industry. At the federal level, agencies such as the Environmental Protection Agency (EPA), Occupational Safety and Health Administration (OSHA), and the Food and Drug Administration (FDA) enforce standards that businesses must adhere to. Each state may have its own set of regulations that can vary significantly, impacting everything from labor laws to environmental protections. Additionally, local regulations can impose requirements related to zoning, permits, and public health.

Understand industry-specific guidelines and standards

Beyond general federal and state regulations, industry-specific compliance standards play a crucial role in shaping your compliance plan development. Many industries have established guidelines that dictate best practices, such as the Health Insurance Portability and Accountability Act (HIPAA) in healthcare or the Payment Card Industry Data Security Standard (PCI DSS) in finance. Familiarizing yourself with these standards is essential for effective compliance risk management and ensuring your organization meets all necessary requirements.

• Research the specific regulations relevant to your industry.
• Engage with industry associations to stay updated on changes.
• Implement a system for regularly reviewing industry standards.

Analyze the implications of international regulations if applicable

In an increasingly global marketplace, understanding the implications of international regulations is vital for businesses that operate cross-border. Regulations such as the General Data Protection Regulation (GDPR) in Europe have far-reaching impacts, setting strict guidelines on data privacy that affect any company dealing with EU citizens. It is essential to identify which international regulations apply to your operations and ensure your compliance plan accommodates these requirements.

• Regularly consult with legal advisors to navigate complex international regulations.
• Stay informed about changes in international laws that could impact your business.

How can we conduct a compliance risk assessment?

Evaluate internal processes and procedures.

To effectively conduct a compliance risk assessment , organizations must first evaluate their internal processes and procedures. This evaluation involves a thorough review of existing operations to ensure they align with applicable compliance regulations . Key steps include:

• Mapping out current workflows to identify compliance touchpoints.
• Assessing the adequacy of documentation related to compliance activities.
• Identifying gaps in current processes that may lead to non-compliance.

Utilizing compliance monitoring tools can streamline this evaluation, allowing for a more comprehensive understanding of where potential risks may arise.

Identify areas of non-compliance and potential risks

Once internal processes have been evaluated, the next step is to identify areas of non-compliance and potential risks. This involves:

• Reviewing past compliance audits and reports to pinpoint recurring issues.
• Engaging with team members to gather insights on operational challenges that may lead to non-compliance .
• Analyzing changes in federal regulations compliance and industry-specific standards that may impact current practices.

This identification phase is crucial for understanding where the organization stands in relation to industry-specific compliance standards and what vulnerabilities exist in their operations.

Prioritize risks based on their likelihood and impact

After identifying areas of non-compliance, organizations must prioritize these risks based on their likelihood of occurrence and potential impact. This prioritization process can be structured as follows:

• Assessing the frequency of each identified risk and its historical occurrence.
• Evaluating the potential consequences of non-compliance, including financial penalties and reputational damage.
• Utilizing a risk matrix to classify risks into categories such as low, medium, and high.

By effectively prioritizing risks, organizations can allocate resources more efficiently and focus their efforts on mitigating the most critical compliance issues.

• Involve cross-functional teams in the compliance risk assessment process to gain diverse perspectives on potential risks.
• Regularly update the assessment to reflect changes in regulations or internal processes.
• Document all findings and develop a clear action plan to address identified risks.

Ultimately, conducting a thorough compliance risk assessment is a foundational step in compliance plan development . It not only helps organizations understand their current compliance status but also guides them in implementing effective corrective action plans for compliance and training programs to enhance overall regulatory adherence.

What steps should we take to develop a compliance plan?

Define clear objectives and goals for compliance.

Establishing a compliance plan begins with defining clear objectives and goals that align with both regulatory requirements and organizational values. These objectives should be specific, measurable, achievable, relevant, and time-bound (SMART). By setting these parameters, organizations can ensure that they are not only meeting federal regulations compliance but also enhancing overall operational integrity.

Outline specific policies and procedures to be implemented

Once objectives are defined, the next step is to outline specific policies and procedures that will guide compliance efforts. This includes:

• Developing written policies that reflect compliance with industry-specific compliance standards .
• Creating procedures for executing compliance measures, including reporting mechanisms and documentation of compliance activities.
• Integrating compliance monitoring tools to regularly evaluate adherence to these policies.

These policies must be readily accessible and communicated effectively throughout the organization to ensure everyone understands their role in compliance.

Assign responsibilities to team members for accountability

Accountability is a critical element of compliance plan development . Assigning clear roles and responsibilities helps to ensure that every member of the organization knows their specific obligations regarding compliance. Consider the following steps:

• Designate a compliance officer or team responsible for overseeing compliance initiatives.
• Outline the specific duties of each team member in relation to compliance, including the management of compliance training programs and the facilitation of employee training on regulations .
• Implement a system for tracking compliance-related tasks and responsibilities to enhance accountability.

By fostering a culture of accountability, organizations can significantly reduce the risk of non-compliance resolution issues arising.

• Regularly review and update compliance objectives to reflect any changes in regulations or industry standards.
• Encourage cross-departmental collaboration to enhance the effectiveness of compliance policies and procedures.
• Utilize feedback from compliance training sessions to identify areas for improvement in your compliance plan.

How can we ensure employee training and awareness?

Develop a comprehensive training program on compliance requirements.

To foster a culture of compliance within an organization, it is vital to develop a comprehensive training program that addresses compliance regulations relevant to the industry. This program should encompass federal regulations compliance, industry-specific compliance standards, and any implications of international regulations that may affect operations.

The training should be structured to include various formats, such as online modules, in-person workshops, and interactive sessions, ensuring that employees can engage with the material in ways that suit their learning styles. Additionally, incorporating real-life case studies can help illustrate the importance of compliance and the potential risks associated with non-compliance.

Create Training Materials and Resources for Ongoing Reference

Effective employee training strategies for compliance must also include the development of accessible training materials and resources. These materials should serve as a reference point that employees can consult when needed. Resources may include:

• Handbooks outlining compliance policies and procedures
• Quick reference guides summarizing key compliance regulations
• FAQs addressing common compliance-related queries
• Online platforms hosting recorded training sessions and materials

By providing accessible documentation of compliance activities, organizations can ensure that employees remain informed about their responsibilities and the necessary steps to maintain compliance.

Schedule Regular Training Sessions and Assessments to Gauge Understanding

To ensure that the training program remains effective over time, it is essential to schedule regular training sessions and assessments. This not only reinforces the compliance knowledge but also allows organizations to evaluate the effectiveness of their training initiatives. Regular training sessions should cover updates in compliance regulations and provide refresher courses to maintain awareness among employees.

Incorporating assessments, such as quizzes or practical evaluations, can help gauge understanding and retention of compliance information. These assessments should be designed to identify areas where additional training may be required, thus aiding in the development of a corrective action plan for compliance if necessary.

• Encourage open communication about compliance issues by establishing a feedback mechanism for employees to report concerns or seek clarification.
• Utilize compliance monitoring tools to track employee participation in training programs and identify trends that may indicate gaps in knowledge.

By taking these steps to ensure robust employee compliance training, organizations can significantly mitigate the risks associated with non-compliance and foster a culture of compliance throughout the workforce.

What monitoring and reporting mechanisms should be in place?

Establish key performance indicators (kpis) for compliance monitoring.

To effectively track compliance with regulations, organizations should establish key performance indicators (KPIs) . These metrics provide a quantifiable measure of compliance activities and help identify areas for improvement. Key KPIs may include:

• Percentage of employees trained on compliance regulations
• Number of compliance incidents reported
• Timeliness of corrective actions taken in response to non-compliance
• Audit results and findings
• Compliance-related customer feedback and satisfaction scores

By regularly reviewing these KPIs, organizations can gauge their compliance status and make informed decisions regarding their compliance plan development.

Create a reporting framework for documenting compliance activities

A robust reporting framework is essential for documenting all compliance activities. This framework should outline procedures for:

• Recording compliance training sessions and attendance
• Logging incidents of non-compliance and subsequent resolutions
• Tracking the implementation and effectiveness of corrective action plans for compliance
• Compiling audit findings and recommendations

Documentation plays a critical role in demonstrating adherence to federal regulations compliance and industry-specific compliance standards . It also serves as a valuable resource for internal audits for compliance and regulatory reviews.

Implement regular audits and reviews to assess adherence to regulations

To maintain an effective compliance monitoring system, organizations should conduct regular audits and reviews. These evaluations help ensure adherence to compliance regulations by:

• Identifying gaps in current compliance practices
• Assessing the effectiveness of employee compliance training programs
• Reviewing the implementation of compliance monitoring tools
• Evaluating the overall compliance risk management strategy

Regular audits not only help in recognizing non-compliance issues but also encourage a culture of accountability and continuous improvement within the organization.

• Ensure that KPIs are tailored to the specific compliance risks faced by your organization for more accurate monitoring.
• Utilize compliance monitoring tools to automate documentation and reporting processes, making it easier to track compliance activities.
• Encourage feedback from employees on training programs to enhance engagement and effectiveness in compliance training.

How can we address non-compliance effectively?

Develop a clear protocol for identifying and investigating non-compliance issues.

Establishing a robust protocol is crucial for addressing non-compliance effectively. This protocol should include:

• Regular monitoring of compliance activities to detect deviations.
• Clear procedures for reporting non-compliance, ensuring employees know how to voice concerns.
• Thorough investigation processes to understand the root cause of the non-compliance.
• Collaboration with relevant stakeholders, including legal and compliance teams, to evaluate issues.

By creating an environment where employees feel comfortable reporting non-compliance, organizations can address issues proactively rather than reactively. This approach not only reinforces a culture of regulatory compliance but also enhances overall trust within the organization.

Create a corrective action plan to address identified gaps

Once non-compliance has been identified and investigated, it is essential to develop a corrective action plan for compliance . This plan should include:

• Specific measures to rectify identified issues and prevent future occurrences.
• Timelines for implementing corrective actions to ensure accountability.
• Designated personnel responsible for executing the plan.
• Regular follow-up assessments to evaluate the effectiveness of the implemented measures.

By addressing gaps with a structured plan, organizations can enhance their compliance monitoring tools and mitigate risks associated with non-compliance.

Communicate consequences and disciplinary measures for repeated violations

Clear communication regarding the consequences of non-compliance is vital for fostering a culture of accountability. Organizations should:

• Develop a clear set of disciplinary measures for various levels of non-compliance.
• Ensure all employees understand the implications of non-compliance through comprehensive employee compliance training .
• Document all compliance activities and any resulting disciplinary actions to provide transparency.
• Encourage open discussions about compliance expectations and consequences during training sessions.

By communicating these measures effectively, organizations can deter future violations and reinforce the importance of adherence to compliance regulations .

• Regularly review and update your compliance protocols to align with evolving regulations.
• Encourage a culture of continuous improvement, where employees are empowered to suggest enhancements to compliance processes.

Implementing these strategies will not only help in managing non-compliance effectively but also strengthen the overall compliance culture within the organization.

What resources and tools are available to aid compliance efforts?

Research software solutions for compliance management.

Employing the right compliance monitoring tools is crucial for developing a robust compliance plan. Numerous software solutions are available that streamline compliance management by automating processes, tracking regulatory changes, and reporting compliance status. Key features to look for in these tools include:

• Automated tracking of compliance regulations and deadlines
• Document management systems for maintaining compliance documentation
• Risk assessment functionalities to identify and prioritize potential compliance issues
• Dashboards for real-time monitoring of compliance status and KPIs

Popular compliance software options include names like ComplyAdvantage, LogicManager, and GRC platforms that cater to specific industry needs. These tools not only enhance efficiency but also improve accuracy in compliance risk management .

Explore external consultants or legal advisors for specialized guidance

Engaging with external experts can provide invaluable insights into navigating the complexities of federal regulations compliance and industry-specific compliance standards. Consultants and legal advisors help organizations:

• Understand the implications of international regulations, if applicable
• Develop tailored compliance strategies based on specific operational contexts
• Conduct thorough compliance risk assessments and internal audits for compliance
• Implement effective employee training strategies for compliance

When selecting a consultant, consider their track record in your industry, as well as their familiarity with relevant regulations. Their expertise can significantly bolster your compliance plan development and ensure adherence to necessary regulations.

Utilize industry associations and networks for best practices and support

Industry associations play a pivotal role in promoting regulatory compliance strategies and providing resources for compliance management. Becoming a member of relevant associations can offer access to:

• Training programs and workshops on employee compliance training
• Networking opportunities with other compliance professionals
• Research and white papers detailing best practices for compliance training
• Updates on changes in regulations and compliance requirements

Engaging with these networks can provide ongoing support and resources that are essential for maintaining a strong compliance culture within your organization.

• Regularly review and update your compliance tools and resources to ensure they align with your evolving business needs.
• Consider leveraging peer reviews and testimonials when selecting consultants or software solutions for compliance efforts.
• Stay informed about industry trends and changes in regulations through continuous professional development and participation in industry forums.
• Choosing a selection results in a full page refresh.

5 Examples of Government Regulation of Businesses

Government regulation of businesses is a practice that has existed in the United States as long as there are commercial activities to oversee.

Federal regulations and laws can be put in place through legislative acts that can control entire industries, or they can be applied case by case to the business operations of owners. The function of these regulations is to promote the public health, safety, welfare, and morals of its constituents.

This post aims to highlight and provide examples of government regulations that impact business owners and how to deal with them.

Table of Contents

How are government business regulations made?

The process of making regulations is complex. It starts with a proposal from an agency, which may be prompted by a law passed by Congress or another action taken by the executive branch. The proposal then goes through several steps, including:

Step 1. Public comment period

People who are affected by the proposed rule have an opportunity to comment on it during this stage. Their comments are used to shape the final version of the rule.

Step 2. Notice of proposed rulemaking

This document describes what types of comments will be accepted and how they should be submitted during public comment periods. It also explains why the rule is needed and its effect on businesses, consumers, and other groups affected by it.

Step 3. Drafting

A draft must be written that reflects any comments received during the public hearings or written comments submitted during previous review stages. The draft is further modified based on new information during its drafting process.

What are the purposes of business regulations by the government?

1. Government business regulations are federal laws and statutes passed to protect businesses and the public interest. These regulations can be used by small businesses to help them grow. For example, government regulations may require using certain safety equipment on the job site if you own a construction company.

2. Federal regulations also affect how local businesses operate by setting standards for employee safety, health care, and environmental rules. For example, state licensing laws may require you to have some insurance for your employees if they get injured while using dangerous equipment at work.

3. Small business regulations can help maximize public safety and quality, vital for attracting new customers who want to feel safe when purchasing goods or services from their business.

4. Lastly, these regulations protect consumers from fraud and poor service by requiring businesses to follow specific guidelines when doing business with consumers.

Government regulation of business examples

Companies have always had to comply with government regulations. However, there has been a growing trend toward increased government regulation of business practices in recent years. This is due to the rise of globalization, which means that today businesses operate on a global scale and within countries. The top 5 government regulation examples are listed here:

The government regulates businesses by taxing them. The tax rate is the percentage that companies must pay to the state and local governments based on their entity (sole proprietorship or limited liability company), size, location, and industry they are involved. The higher the tax rate, the more money the government takes from companies.

However, the federal government offer tax incentives for businesses that partner with minority- and women-owned business and those who hire new employees and create jobs in some areas. There are also general taxes that business owners pay regardless of their structure:

• Excise tax is one of the most common types of tax levied by the federal government. This also applies to specific goods or services such as gasoline, alcohol, and tobacco. This can also be done by passing along the tax cost to consumers in the form of higher prices. The IRS has a dedicated explanation of what constitutes an excise tax.
• Employment taxes are the taxes that employers pay on behalf of their employees. These include the employer’s share of Social Security and Medicare taxes, federal and state unemployment insurance, and federal and state income tax withholding. See the IRS page, Employment Taxes for Small Businesses , for more details.
• Income taxes – Every business, excluding partnerships, must file its annual income tax returns. This is the tax of entities or individuals based on their earnings.
• Estimated tax – This tax payment gives companies an alternative to paying their income tax as their company earns income throughout the year.
• Self-employment tax involves Social Security and Medicare tax primarily for individuals who work for themselves.
• State tax is imposed on people in the state and business organizations who own properties like land, vehicles, and buildings.

2. Federal antitrust laws

The federal law helps keep the competition in the marketplace by giving them incentives to maintain the product quality while keeping prices at the desired range. This is beneficial for consumers because they can get the most valuable products and get value for money. Further, states may impose more antitrust laws based on federal statutes.

These include banning business operations such as :

1. Different companies forming a monopoly by forming mergers and acquisitions to minimize competition.

2. Businesses conspiring with other business owners to fix prices and divide markets.

3. Businesses using competitive and unfair strategies meant to deceive consumers.

3. Health and safety

The most popular safety and health regulation in the workplace are The Occupational Safety and Health Act of 1970 . Their objectives are to ensure that employers provide their workers with a working environment free from harm and hazards such as:

• Exposure to toxic elements
• Excessive noise levels
• Mechanical dangers
• Cold and heat stress
• Unsanitary surroundings

Moreover, the health act gave rise to two federal agencies, the National Institute for Occupational Safety and Health and the Occupational Safety and Health Administration . To learn more about regulations in different sectors, visit the EPA website .

4. Pay equity

The Equal Pay Act is a law that prohibits employers from paying unequal wages to women and men with jobs that require substantially equal skill, effort, and responsibility under similar working conditions. It also prohibits retaliation against employees for inquiring about, discussing, or disclosing their wages or the wages of other employees.

There has also been recent legislation at the local and state levels to address this gap in pay equity. An example is when New York City passed a law against wage disclosure . However, its effectivity was postponed to later in Nov 2022. This will also mandate job postings to include the minimum and maximum wage with penalties for employers who don’t comply with the law.

Here’s a list of other state laws under general provisions:

• California – Applicants can inquire about the hourly range after the job interview.
• Colorado –  Employers should disclose the hourly rate in the job posting.
• Maryland – Salary range must be provided to applicants upon request after the application.
• Nevada – Applicants may request a wage or salary range after completion of an interview. Also, current employees may ask for this information after applying, interviewing, or receiving a promotion or transfer offer.

5. Retirement

In 2021, 68% of private industry workers had access to retirement plans. Passing the Setting Up Every Community for Retirement Enhancement ( SECURE ) Act in 2019 made retirement plans more easily accessible for everyone who plans to participate through pooled employer plans in January 2021. It helped small businesses in the private sector to take advantage of this.

How to conform to government regulations as a business owner?

The American government has imposed many business regulations to protect the environment and employees’ rights. These regulations hold corporations responsible for their power in a business-driven community. So, if you want to keep your business running smoothly, it’s best to comply with all government and local regulations to avoid getting into problems.

1. Tax regulation

The IRS needs to know the whereabouts and operations of companies. So,  business owners should work on their file form SS-4 IRS business registration.

Sole proprietors without employees may not need an SS-4 form. After accomplishing the form, owners will get an employer’s kit stating the details about owned taxes, deadline of payment, place of payment, and amount computation.

Also, business owners will be given an employer’s identification number (EIN) . In the case of sole proprietors, they will use their Social Security number for business identification purposes.

The EIN is needed for the following:

• Communicating with government agencies
• Opening business accounts
• Opening brokerage accounts
• Dealing with other people responsible for reporting business actions to federal government agencies

Next, if the business has employees, it must withhold portions of its employees’ earnings and help with the employer’s share. Applicable regulations relating to withholding wages are strict, and failure to do so can bring government action.

At present, at least two cities and 14 states have complied with the retirement savings legislation. For example:

• New York City has enacted savings programs
• California and Oregan have passed Roth IRA programs
• Vermont started the Green Mountain Secure Retirement plan for multiple employers

2. Land use regulation

Land use regulation is a set of laws and rules that control what can be built on or near a piece of property. These laws are designed to protect people’s health and safety in the area around your property.

Land use regulations are usually enforced by local governments like city councils, county boards, or planning commissions. These local bodies have the power to enforce zoning ordinances, building codes, and other regulations. They also sometimes require businesses to contain permits before building or expanding their facilities.

Most land use regulations aim to preserve open space and prevent pollution from industrial activities. Local governments are also interested in stopping developers from bulldozing neighborhoods to build more business in those areas.

3. Building and fire codes

In most cases, local building codes apply to all properties in a given area, whether they’re commercial or residential. They are enforced by your local government and cover structural integrity, electrical safety, and fire safety. Building codes vary from one city or county to another.

Fire codes regulate how buildings should be built so they don’t catch fire easily and allow firefighters to access the building and put out fires quickly. Additionally, the fire department must know if you are operating on something that can cause fire or chemical hazards and if there are enough fire extinguishers and equipment preset for fire-retardant purposes.

Tips to easily comply with business regulations

If you are still worried about the rigidity of these regulations, there is no need to panic. You can easily conform to them as well as the new and relevant regulations by following these simple tips:

1. Hire a compliance officer

This person’s job is to ensure all standards are met and maintained at all times. They also ensure that everyone in the company knows their responsibilities. In addition, they make sure the right policies and procedures are in place so everyone can access them quickly.

2. Create an internal audit program

Here, you can regularly check how well your policies are working and if there are any areas needing improvement.

3. Have well-oriented employees

Ensure all employees know how to handle sensitive information, such as customer data, credit card numbers, etc., so they don’t leave confidential information lying around where anyone with access could find it.

4. Review your insurance policies

You have to make sure the coverage you need for any liability claims that may come up due to employee negligence or other causes like server failure can serve you.

Which agencies help with business regulations?

The business regulations governing a company are not only complex but also constantly changing. So, it’s essential to stay updated on these regulations. Here are some agencies that help with their regulatory compliance:

1. The Food and Drug Administration (FDA)

The FDA was founded in 1906 under president Theodore Roosevelt. It is an agency that oversees foods, drugs, and medical supplies . It’s in charge of protecting and promoting public health through regulation and supervision of:

• Food safety
• Tobacco products
• Dietary supplements
• Prescription and over-the-counter drugs
• Pharmaceuticals
• Veterinary products
• Radiation-emitting devices

It presents drawbacks to pharmaceutical companies because awaiting FDA approval and marketing of drugs can cause delays due to the demand for further and more rigorous clinical trials, which have already proven their safety and effectiveness.

This can significantly affect patients immediately needing treatment and access to certain drugs . Also, it can be costly to get approval, which is the main reason stopping small firms from entering the market.

2. The Environmental Protection Agency (EPA)

EPA is an agency responsible for protecting human health and the environment by overseeing the following:

• Disposal of waste
• Controlling other pollutants
• Applying greenhouse emission restrictions

Moreover, EPA is responsible for ensuring businesses comply with all environmental regulations and laws, including the Clean Water Act and the Clean Air Act .

3. The Securities and Exchange Commission (SEC)

SEC was created in 1934 by Congress, with commissioners appointed by the U.S. president as advised by the Senate. It’s a federal agency responsible for protecting investors, maintaining fair and orderly markets, and facilitating capital formation .

4. The Federal Trade Commission (FTC)

The FTC promotes consumer protection for U.S. residents and businesses. Its mission is to protect consumers from unfair or deceptive business practices and advance competition’s interests in the marketplace.

It also enforces laws to prevent businesses from engaging in anti-competitive practices such as price-fixing, collusion, and other illegal agreements between competitors. This includes the antitrust laws prohibiting mergers and acquisitions that would substantially reduce competition and lead to monopolies.

The FTC can investigate companies for violations of these laws and recommend action by the Department of Justice . It will decide if the company needs prosecution for an antitrust violation and may seek civil penalties against them in the federal court.

5. Sarbanes-Oxley

Sarbanes-Oxley is not an agency but an act. The Sarbanes-Oxley Act was passed in 2002 after the Enron Scandal , where corporate executives were found guilty of manipulating their companies’ financial statements, which led to investors losing billions. The law was designed to prevent such scandals by creating stricter criteria for auditors performing financial management.

Register Here

• Authorisation

Sample business plan

If you're applying to be authorised by us, learn how to put together your regulatory business plan (RBP).

Typically, we expect an applicant's RBP to cover the sections on this page. If you follow this advice, it will help ensure that your firm is ready, willing and organised to be authorised by us.

Please bear in mind that:

• your RGB can't be generic – it must be tailored to your specific business model
• the list below isn't exhaustive – you may need to consider additional factors depending on your type of firm and the permissions you're applying for

Company details

Provide as much detail as possible relating to the company.

For example:

• the firm’s principal place of business and legal status
• whether the business is incorporated
• how long the firm has been trading for
• what the firm’s website address is
• what the firm’s control structure is (we need to see full details of this)
• have the right to make all decisions affecting the business
• own all the assets of the business
• are responsible for paying income tax on profits of the business
• are responsible for the debts and obligations of the business without any limit

Our Consumer Duty

Our  Consumer Duty ('the Duty') sets the standard of care that firms should give to customers in retail financial markets. It reflects our expectations of firm conduct, and means that your firm must consider customer outcomes and place customers’ interests at the heart of your activities.

The Duty should feature throughout your business plan. To help us assess whether you can comply with the Duty, read more about the  requirements for firms seeking authorisation .

If your firm isn't in scope of the Duty

You'll need to explain why (so we can see that you've considered it) and demonstrate how you'll comply with Principles 6 and 7 in our Handbook, which continue to apply to firms that aren't subject to the Duty.

Read more about the fair treatment of customers .

We require information on the key personnel of the firm. Please provide detailed information on each individual’s role and the management responsibilities they will have.

• who will be carrying out the day to day running of the business
• who are the director(s)/proprietor(s) of your firm, and key persons
• what senior management functions (SMFs) will each individual hold
• who will be responsible for compliance oversight
• what experience your firm’s governing body or senior management has of the regulated activities that you wish to carry out
• what the background and experience is of everyone performing SMFs (including their employment)

Business model overview

Provide an in-depth explanation of what your firm does and the activities your firm will be carrying out.

• what services (both regulated and non-regulated) your firm will provide, as well as the areas the firm specialises in
• why your firm requires authorisation for the activities it will undertake
• details of any relationships/agreements with lead generators or brokers
• if your firm is trading, provide details on your existing customer base and how the regulated activities proposed will impact on these customers
• what your firm’s long-term strategy is (eg growth targets, changes in personnel)
• whether the firm will hold any client money
• details of any fees and how they are explained to the customer

Marketing activities

Set out your marketing plans and any financial promotions that your firm may be using or is planning to use.

Customer journey

Provide details of the customer journey from the very beginning of acquiring the customer to the after-sales care process service that your firm provides.

• how your firm obtains new clients
• whether your firm is acquiring any existing clients from another firm
• what your firm’s ongoing client relationship is
• providing a step-by-step guide of the journey a customer takes for the sale/service
• what the after-sales care process is

Customers in vulnerable circumstances

Provide further information about your firm’s approach to identifying, and meeting the needs of, customers in vulnerable circumstances.

• how your firm identifies when a customer is in a vulnerable circumstance
• what your firm’s process is when dealing with customers in vulnerable circumstances
• what services are offered to customers who find themselves in vulnerable circumstances
• if your firm has a detailed document for this policy, please provide this as a supporting document

Provide detailed information of the compliance structure your firm has in place.

• whether your firm uses a third-party compliance firm to assist in this area, and, if so, provide the details of this arrangement and set out the oversight that the firm has in place
• what quality assurance processes are in place for your firm
• what key risks have been identified and how your firm will mitigate these risks
• whether your firm has a risk-based compliance monitoring programme

Complaints policy

Provide details of your firm’s complaints process.

• how the firm will monitor complaints
• what will happen when a customer isn't satisfied with your firm's resolution

Refer to the DISP rules in our Handbook for more information.

Give details of the training that you'll provide to staff.

• how your firm will ensure staff are sufficiently trained to deliver the requested activities in line with the regulatory requirements
• whether your firm will hold any refresher training, and, if so, how often
• whether your firm will provide specialist training in relation to specific products 
• whether your firm's training material covers vulnerable customers and the complaints policy

Staff incentives

Explain whether your firm will offer incentives to staff, and, if so, provide details of what your firm bases the incentives on.

This might include productivity, quality, compliance caveats, customer feedback, etc.

Capitalisation

Explain how your firm will hold sufficient capital to meet the relevant capital resource requirement.

The information here should corroborate with the financial information you send us as part of your application.

Read more about preparing your firm's financial information .

Overview of policies

Provide an overview of the policies and procedures you have in place that are relevant to your firm's business model.

If you're a credit or mortgage broker or lender, learn what  supporting material  you need to include with your application.

More on authorisation

For the Public

FINRA Data provides non-commercial use of data, specifically the ability to save data views and create and manage a Bond Watchlist.

For Industry Professionals

Registered representatives can fulfill Continuing Education requirements, view their industry CRD record and perform other compliance tasks.

For Member Firms

FINRA GATEWAY

Firm compliance professionals can access filings and requests, run reports and submit support tickets.

For Case Participants

Arbitration and mediation case participants and FINRA neutrals can view case information and submit documents through this Dispute Resolution Portal.

Need Help? | Check System Status

Log In to other FINRA systems

Business Continuity Planning (BCP)

Frequently asked questions related to regulatory relief due to the coronavirus pandemic.

MARCH 18, 2020 Due to the  coronavirus pandemic (COVID-19) , FINRA is providing temporary relief for member firms from rules and requirements in the Frequently Asked Questions below. The relief provided does not extend beyond the identified rules and requirements. As coronavirus-related risks decrease, member firms should expect to return to meeting any regulatory obligations for which relief has been provided. When appropriate, FINRA will publish a Regulatory Notice announcing a termination date for the regulatory relief that will provide member firms with time to make necessary operational adjustments.

FINRA requires firms to create and maintain written business continuity plans (BCPs) relating to an emergency or significant business disruption. Rule 4370 —FINRA's emergency preparedness rule — spells out the required BCP procedures. A firm's BCP must be appropriate to the scale and scope of its business.

BCP procedures must be reasonably designed so the firm can meet its existing obligations to customers. A firm must disclose to its customers how its BCP addresses the possibility of a significant business disruption and how the firms plan to respond to events of varying scope. This BCP disclosure must be made in writing to customers when they open their account, posted on the firm's website if they maintain one and mailed to customers upon request. The BCP also must be made available promptly to FINRA staff if requested.

What to Include in a Business Continuity Plan

FINRA Rule 4370 gives a firm flexibility in designing a BCP. It may be tailored to the size and needs of the firm, but at a minimum it must include the following elements:

• Data backup and recovery (hard copy and electronic);
• All mission critical systems;
• Financial and operational assessments;
• Alternate communications between customers and the firm, and between the firm and employees;
• Alternate physical location of employees;
• Critical business constituent, bank, and counterparty impact;
• Regulatory reporting;
• Communications with regulators; and
• How the firm will assure customers' prompt access to their funds and securities in the event that the firm determines that it is unable to continue its business.

A firm must address the elements to the extent applicable and necessary. If any of the elements is not applicable, the firm's BCP must document the rationale for not including the element in its plan. If a firm relies on another entity for any one of the elements or any mission critical system, the firm's BCP must address this relationship.

FINRA provides the following optional tools to assist firms in in fulfilling their need to create and maintain business continuity plans (BCPs) and emergency contact person lists under FINRA Rule 4370.

• Small Firm Business Continuity Plan Template
• Business Continuity Planning Case Study
• 2009 Pandemic Preparedness Survey Results

Communicating with FINRA

Firms must provide FINRA with emergency contact information. In addition, if a firm is unable to contact FINRA during a significant business disruption through its usual contact, such as the District Office or direct dial number, please call the FINRA Support Center at (301) 590-6500. This number will be rerouted in the event of a business disruption at FINRA's primary call center, so that the firm will be able to reach an operator or receive recorded instructions. This information also will be posted on www.finra.org. 

In instances when data communications are disrupted, firms are responsible for retaining data until it can be transmitted to FINRA.

FINRA's Business Continuity Plan

FINRA's BCP specifies how we will respond to events that significantly disrupt our business and addresses safeguarding our employees and property; insuring data back up and recovery; restoring mission-critical systems as well as critical regulatory and operational activities; alternative communications with investors, member firms, associated persons, and other regulators; and assuring all of our constituents a prompt response to their needs. We plan to continue in business, transfer operations to alternate sites as needed, and maintain as much transparency to our constituents as possible during a disruption. FINRA's business continuity plan is updated and tested regularly, and it is provided to the SEC as part of its oversight of FINRA.

Contact OGC

FINRA's Office of General Counsel (OGC) staff provides broker-dealers, attorneys, registered representatives, investors and other interested parties with interpretative guidance relating to FINRA’s rules. Please see Interpreting the Rules for more information.

OGC staff contacts: Kosha Dalal and Jeanette Wingler FINRA, OGC 1700 K Street, NW Washington, DC 20006 (202) 728-8000  

• Regulatory Notice 21-44 Business Continuity Planning and Lessons From the COVID-19 Pandemic 12/23/2021
• Regulatory Notice 21-29 FINRA Reminds Firms of their Supervisory Obligations Related to Outsourcing to Third-Party Vendors 08/13/2021
• Regulatory Notice 20-42 FINRA Seeks Comment on Lessons From the COVID-19 Pandemic 12/16/2020
• Information Notice – 3/26/20 Cybersecurity Alert: Measures to Consider as Firms Respond to the Coronavirus Pandemic (COVID-19) 03/26/2020
• Regulatory Notice 20-08 Pandemic-Related Business Continuity Planning, Guidance and Regulatory Relief 03/09/2020
• Regulatory Notice 19-06 FINRA Requests Comment on the Effectiveness and Efficiency of Its Rule on Business Continuity Plans and Emergency Contact Information 02/25/2019
• Regulatory Notice 18-09 FINRA Updates Designation Criteria to Require Firms Reporting U.S. Treasury Securities to TRACE to Participate in FINRA's Business Continuity/Disaster Recovery Testing 03/07/2018
• Regulatory Notice 17-27 Guidance to Members Affected by Hurricane Harvey 08/30/2017
• Regulatory Notice 13-25 FINRA, the SEC and CFTC Issue Joint Advisory on Business Continuity Planning 08/16/2013
• Regulatory Notice 12-53 FINRA Waives Certain Trade Reporting and Compliance Engine (TRACE) Late Trade Reporting Fees in Connection With Hurricane Sandy 12/03/2012
• Regulatory Notice 12-45 Guidance to Members Affected by Hurricane Sandy 10/30/2012
• Information Notice - 8/28/12 Guidance for Firms Potentially Affected by Hurricane Isaac 08/28/2012
• Regulatory Notice 09-60 SEC Approval and Effective Dates for New Consolidated FINRA Rules 10/15/2009
• Regulatory Notice 09-59 FINRA Provides Guidance on Pandemic Preparedness 10/12/2009
• Regulatory Notice 07-49 Guidance for Firms Affected by the California Wildfires 10/25/2007
• Notice to Members 06-74 Member Business Continuity Experiences regarding Hurricanes Katrina and Rita 12/29/2006
• Notice to Members 06-31 NASD Requests Comment on Regulatory Relief that Should Be Granted in Response to a Possible Pandemic or Other Major Business Disruption 06/28/2006
• Notice to Members 05-57 Guidance to Members Affected by Hurricane Katrina 09/02/2005
• Notice to Members 04-37 SEC Approves Rules Requiring Members to Create Business Continuity Plans and Provide Emergency Contact Information 05/05/2004
• Notice to Members 02-23 The NASD Seeks Comment On Proposed Rules Relating To Member Firm Business Continuity Plans And Emergency Contact Information 04/10/2002
• Guidance Cybersecurity and Technology Management The Cybersecurity and Technology Management topic of the 2024 FINRA Annual Regulatory Oversight Report (the Report) informs member firms’ compliance programs by providing annual insights from FINRA’s ongoing regulatory operations, including (1) regulatory obligations and related considerations, (2) findings and effective practices, and (3) additional resources. January 09, 2024
• Media Center Preparing for the Unexpected: The Ins and Outs and the Value of Succession Planning Succession planning is important not just for customers and representatives but can even be a matter of life or death when it comes to the continued existence of a firm. On this episode, we hear how and why firms should plan for the expected and unexpected in life. January 24, 2023
• Podcast Business in the Time of COVID-19: BCPs, Regulatory Relief & More The new coronavirus that causes COVID-19 has rapidly changed the way U.S. broker-dealers must conduct business as states implement various shelter-in-place and stay-at-home orders, forcing workers remote. On this episode, we talk to FINRA’s Chief Legal Officer and Head of Member Supervision to learn how FINRA is adapting its operations and providing important regulatory relief. March 31, 2020

Due to the coronavirus pandemic (COVID-19) , FINRA is providing temporary relief for member firms from rules and requirements in the Frequently Asked Questions below. The relief provided does not extend beyond the identified rules and requirements. FINRA will continue to monitor the situation to determine whether additional guidance and relief may be appropriate. As coronavirus-related risks decrease, member firms should expect to return to meeting any regulatory obligations for which relief has been provided.

• Targeted Examination Letter Targeted Examination Letter on Business Continuity Plans In coordination with the SEC and the CFTC, we are conducting a review of the impact of Hurricane Sandy on firms’ operations and their ability to conduct business at a time when business continuity plans were enacted. November 01, 2012
• Report / Study Pandemic Preparedness Survey Results In 2009 FINRA conducted a voluntary firm survey to determine preparedness for a pandemic in light of current events involving influenza A (H1N1). This survey continues FINRA's efforts to assist firms with business continuity planning by facilitating the exchange of information. October 26, 2009
• FAQ Business Continuity Planning FAQ Frequently asked questions regarding Business Continuity Planning (BCP) and FINRA Rule 4370.
• Compliance Tools Small Firm Business Continuity Plan Template FINRA is providing a template as an optional tool to assist small introducing firms in fulfilling their obligations under FINRA Rule 4370 (Business Continuity Plans and Emergency Contact Information).
• FINRA Issues Alert Warning Investors of Stock Fraud Following Hurricane Harvey August 31, 2017
• FINRA Announces Small Firm Emergency Partner Program October 11, 2007

• Products & Services
• Community & Resources
• Why ConnectWise

Integrated front and back office solutions

Manage customer endpoints and data

Protect your clients’ critical business assets

The purpose-built platform for MSPs

See our latest product innovations that enhance your ConnectWise experience. View roadmap>>

Industry events and networking

Peer groups and product training

Top-rated vendors and integrations

Business-driving insights and guidance

Company profile, values, and leaders

The latest ConnectWise updates

Roles and industries we support

The only truly unified platform purpose-built for MSPs. Learn more >>

ConnectWise solution resources

Certifications and resources

Access your products, see announcements, and find support Log in to ConnectWise Home  >>

Discover total profit solutions for IT companies. Learn more >>

Business continuity compliance requirements

Business continuity and disaster recovery (BCDR) plans serve as an effective blueprint for keeping your clients’ operations afloat when disaster strikes and can help protect against potential threats. However, certain organizations are faced with unique compliance standards and industry-specific regulations that should be factored into any BCDR plan.  

Keeping your clients safe, secure, and penalty-free is a must. Ensuring they meet today’s business continuity plan compliance requirements is a proactive step in preventing disruption and protecting their sensitive data and confidential information. We’re going to cover how the current threat landscape factors into compliance needs, some of the most common regulations you may have to meet, and how you can get your clients compliant from the start.

Why we need a BCP for compliance

Business continuity planning is essential for compliance because it helps organizations meet regulatory requirements, ensure the continuity of critical operations, and protect sensitive information. A strong BCP can also solidify a business’s reputation and help avoid legal and financial penalties in the case of unexpected downtime. Additional benefits include: 

• Regulatory compliance. With a BCP, your clients demonstrate their commitment to meeting regulatory requirements and have plans in place to minimize disruptions—protecting shareholders and customers.
• Data protection. Organizations are responsible for safeguarding sensitive data, ensuring its availability and integrity. A comprehensive BCP includes measures to protect data assets, such as secure backups and procedures for data recovery in case of an incident.
• Risk management. Having a BCP is an integral part of risk management for businesses. Compliance frameworks and regulations require organizations to identify and assess risks to their operations. With a BCP, you can be sure that your clients have identified potential vulnerabilities, evaluated the impact of disruptions, and implemented new strategies to minimize risk.
• Business reputation. Business continuity is closely intertwined with an organization’s overall reputation in the industry. Empower your clients with plans to ensure the continuity of service in the face of unseen events. This demonstrates a business’s commitment to operational resilience, customer satisfaction, and stakeholder trust.

Healthcare, finance, and government entities are required by law to have business continuity plans in place to keep their operations running and data safe despite disruptions (or face legal and financial consequences). Additionally, meeting business continuity and compliance regulations is a competitive advantage, as disaster recovery is a timely and costly process.

Business downtime causes and what they mean for compliance

Part of what makes compliance such an intricate topic for BCDR is the variety of threats out there, all of which you need to account for in your plan.

First, there are the more obvious threats. Global cybersecurity attacks increased by a staggering 38% in 2022, many targeting critical business infrastructure. And with compliance standards higher than ever , MSPs must offer BCDR solutions that are flexible enough to adapt to specific industry standards.

Many cybercriminal organizations have focused on gaining access to digital collaboration tools used by remote or hybrid teams. Managing a host of client information and data can expose you as a major target for cyberattacks. Even with security measures in place, some phishing and ransomware attacks still occur.

Business compliance plans (BCPs) fit neatly to support this need from a recovery standpoint, but it also opens up your business to compliance concerns.

While cyberattacks may be one of the more glaring threats, they certainly aren’t the only ones that factor into compliance. Natural disasters and system failures can also impact downtime and data protection, but your clients are still responsible for keeping essential systems active in those scenarios. This especially applies in specific industries like healthcare or finance.

Failing to meet these requirements means incurring heavy legal, financial, and reputational penalties on the client side, and damaging credibility on the MSP. So, not only are the stakes high when it comes to compliance, but you have to be compliant in a variety of different situations.

Legal requirements of having a BCP in place

For many organizations in the government, healthcare, and financial services sectors, having a business continuity and compliance plan is a legal requirement. Without one, an organization can face penalties for noncompliance.

Navigating the intricacies of business continuity and compliance regulations is challenging. Many professionals may not be deeply familiar with the specific laws and regulations required to establish an actionable business continuity plan for regulatory compliance.

Understanding business continuity for compliance as it relates to your client base is transformative. By fully integrating a company’s compliance with disaster planning, you empower them by safeguarding their sensitive data and meeting legal requirements. 

Due to the Health Insurance Portability and Accountability Act (HIPAA) , business continuity compliance is mandatory.

This requires health information systems to have advanced data management capabilities to protect critical and sensitive information—or risk a penalty ranging from $100 to $50,000.

In addition, organizations should comply with federal and any state-level regulations by having an actionable plan that establishes an emergency operational base during a crisis.

Financial organizations also must report to specific regulatory agencies and governmental policies. To ensure all financial data is secure and banking centers can remain operational in a crisis, the financial sector is bound by Financial Industry Regulatory Authority (FINRA) compliance mandates.

While specifics may vary from business to business, data retention is the overall goal of financial continuity compliance efforts. Data retention best practices include classification, compliance, and deletion.

Creating a business continuity compliance plan for your financial clients typically includes a strategy for each of the following elements:

• Data backup and recovery options
• Any mission-critical business systems or platforms
• Financial and operational assessments
• Communication plans between the financial organization and its customers
• Communication plans between the financial organization and its employees
• Communication plans between the financial organization and its regulators
• Alternative physical locations for employees
• Critical business bank impact
• Regulatory reporting
• Providing customers with fund access if business operations must cease

You should also be aware of the following items for your financial sector clients:

• Basel II, Basel Committee on Banking Supervision, Sound Practices for Management and Supervision : This requires banks to develop a BCP and disaster recovery plan to ensure uninterrupted operation amid a crisis or less severe disruption.
• Expedited Funds Availability (EFA) Act : This act requires any federally chartered financial institution to have a BCP ensuring the prompt availability of customer funds.
• Federal Financial Institutions Examination Council (FFIEC) Handbook : This handbook determines that directors and managers of financial institutions are responsible for organizational contingency planning.
• Interagency Paper on Sound Practices to Strengthen the Resilience of the US Financial System : These best practices underscore the requirement to regularly upgrade and test BCPs for efficacy and security.

In the event of a crisis or emergency, government centers must stay open and operational. According to the Federal Information Security Modernization Act (FISMA) and Executive Order 13636 on Improving Critical Infrastructure Cybersecurity , operations must resume in a crisis. However, the specifics are left up to local governments.

The National Institute of Standards and Technology (NIST) outlines a few key touchstones a business continuity and compliance plan should include:

• Contingency planning policy and procedures
• Contingency plan
• Contingency training
• Contingency plan testing
• Contingency plan update
• The Federal Information Security Act (FISMA) of 2002 , Title III of the E-Government Act of 2002 (PL 107-347) , and Executive Order on Critical Infrastructure Protection in the Information Age : These documents reiterate the importance of government entities creating and maintaining a BCDR solution.
• The COOP and Continuity of Government (COG), Federal Preparedness Circular : This document established the minimum planning considerations required for federal government operations.

Compliance with industry-based rules

We mentioned HIPAA briefly earlier, but let’s dig deeper into healthcare-based compliance considerations. HIPAA regulations specify several criteria organized into three core categories:

Administrative safeguards

• Data backup plan
• Disaster recovery plan
• Emergency mode operation plan
• Testing and revision procedures
• Applications and data criticality analysis

Physical safeguards

• Facility access controls
• Contingency operations
• Device and media controls
• Data backup and storage

Technical safeguards

• Access control
• Emergency access procedure

For your healthcare clients to remain HIPAA compliant, create a BCP that considers:

• Detailed asset inventory
• Establishing and articulating organization guidelines for crisis management, emergency notification, and media protocols
• Identifying core teams responsible for recovery, logistics, and staffing
• Articulating roles and responsibilities during contingency operations

Compliance with Payment Card Industry Data Security Standards (PCI DSS)

Payment Card Industry (PCI) compliance requirements ensure that all companies that process, store, or transmit credit card information maintain a secure environment. Payment brands and acquirers, the financial institutions that process debit and credit card transactions on behalf of the issuers, are responsible for enforcing compliance—rather than the PCI Security Standards Council (PCI SSC).

PCI DSS provides an extensive number of frameworks, blueprints, and resources to help organizations maintain optimal credit card security for cardholders. Determine what your clients use to store credit card information before developing an effective compliance program.

Compliance with other industry-based rules

Nearly every industry—from restaurants to educational centers—has a specific set of industry-based rules, regulations, and compliance necessities. Understanding the standards and nuances of the key industries that comprise your clientele will ensure you have the right plans and software in place should disaster strike. 

Compliance with well-known standards

In addition to compliance with industry-based rules and regulations, make sure your clients’ BCDR plans comply with these well-known standards.

ISO 22301 is an international standard for business continuity and compliance requirements. It provides a clear and concise framework for organizations to effectively plan, establish, implement, operate, monitor, and improve their BCP systems.

Organizations leveraging ISO 22301 can enhance overall organizational resilience and reduce the impact of disruptive incidents or crises. With ISO 22301, businesses can better identify risks, develop response and recovery procedures, and ensure the right resources remain available.

NIST Cybersecurity Framework

NIST’s Cybersecurity Framework is a set of guidelines and best practices for managing and improving cybersecurity protocols.

Contingency plans are required to ensure operations during a crisis, particularly for government centers and operations. NIST’s framework helps organizations assess their cybersecurity posture, identify opportunities for improvement, and prioritize specific investments in cybersecurity.

Other well-known standards

In addition to ISO 22301 and the NIST Cybersecurity Framework, there are many other well-known standards you should remain aware of:

• ISO/IEC 27001 : This is an international standard for information security management systems (ISMS), providing a systematic approach to managing sensitive information.
• Control Objectives for Information and Related Technologies (COBIT) : This is a framework for IT governance and management, helping organizations align their IT practices with business objectives.
• NIST Special Publication 800-53 : This is a widely recognized framework designed for information security management within federal information systems.
• ISO 45001 : A standard for occupational health and safety management systems, ISO 45001 provides a framework for organizations to manage health and safety risks.
• ISO 50001 : A standard for energy management systems, ISO 50001 helps organizations establish an energy management framework to improve performance and efficiency.

BCP compliance considerations by region

Depending on where your client is located, consider any relevant regional BCP compliance requirements. Although by no means a complete collection of all compliance regulations by region, this list provides a launching point to learn more.

Compliance requirements in the US

• Consumer Credit Protection Act (CCPA)—Electronic Funds Transfer : The CCPA establishes the rights, liabilities, and responsibilities of participants in electronic fund transfer systems.
• Electronic Fund Transfer Act (EFTA) : The EFTA protects consumers using electronic fund transfer (EFT) services.
• Federal Deposit Insurance Corporation Improvement Act of 1991 (FDICIA) : Passed in 1991, the FDICIA requires all FDIC-insured depository institutions with assets totaling $500 million or more to adopt annual audit and reporting practices.

Compliance requirements in Canada

Directive on Security Management : The Directive on Security Management provides procedures and frameworks to navigate business continuity management practices, business impact analysis, business continuity plans, awareness and training, testing, and monitoring.

Compliance requirements in Australia

• Australian Prudential Regulation Authority (ARPA) : ARPA is an independent statutory body that supervises institutions across banking, insurance, and finance in Australia. Visit their website to explore your industry's specific regulatory compliance requirements.
• Protective Security Policy Framework (PSPF) : This document assists Australian government entities in protecting their people, information, and assets—both at home and overseas. PSPF offers a governmental protective security policy and supports entities as they implement policies on security governance, information security, personnel security, and physical security.
• AZ/ NZW ISO 31000:2009 : As a globally accepted standard, ISO 31000 offers principles and guidelines for managing all forms of risk. Australia and New Zealand partnered to produce these principles and guidelines.

Compliance requirements in the UK

• BS 16000:2015 : From the British Standards Institution, BS 16000:2015 provides guidance on security management for any organization—large, small, public, or private—to support its long-term viability and success.
• PS 25666:2010 : This standard offers guidance on exercising and testing for continuity and contingency programs within an organization.
• BS 11200:2014 : Focused on crisis management, this framework helps management plan, establish, operate, and maintain their organization’s crisis management response and capability.

Compliance requirements in Ireland

Directive on Security of Network and Information Systems : The Directive on Security of Network and Information Systems concerns the security of network and information systems to protect critical infrastructure and economies.

Compliance requirements in New Zealand:

• AS/NZS ISO 31000:2009 : This framework created by New Zealand and Australia is a globally accepted standard for managing all forms of risk. It provides policies, resources, and progress markers for organizations.
• Civil Defence Emergency Management Act 2002 : This framework provides an infrastructure for New Zealand to prepare for, deal with, and respond to local, regional, and national emergencies.

Compliance requirements in Benelux

Benelux Organization for Intellectual Property (BOIP) : The BOIP implements regulations under the Benelux Convention on Intellectual Property regarding trademarks, industrial designs and property, intellectual property, and designs.

Stay resilient in the face of disaster

Your clients are counting on you to help minimize data loss and business downtime in the face of a natural disaster, cyberattack, or system failure. Business continuity planning is just one element of a successful BCDR strategy; MSPs need the technology and resources to deliver the protection clients demand.

With ConnectWise backup and data recovery solutions, you can provide peace of mind for your clients while protecting your reputation—and your revenue. Whether your data is hosted in the cloud, hybrid, or on-premises, you can rest assured knowing your critical assets are safeguarded by the best software in the industry. Watch a free demo of ConnectWise’s BCDR solutions to learn more.

How can businesses ensure compliance with business continuity regulations in a remote work environment?

For remote work environments, compliance with business continuity regulations remains critical. In addition to understanding the importance of a BCP, support your clients with a hybrid or remote workforce by: 

• Reviewing applicable regulations.
• Updating policies and procedures.
• Implementing secure remote technologies.
• Conducting risk assessments.
• Providing clients with comprehensive training on best practices.

Businesses operating in a remote work environment also greatly benefit from alternative forms of backup, such as direct-to-cloud backup. This allows laptops and systems to be adequately backed up regardless of location. 

Leveraging a hybrid cloud infrastructure (a combination of on-site, private, and public cloud storage) is useful for ensuring business continuity compliance. Diversified backup options give businesses more control over where their data is stored, which helps to maintain BCDR regulations. 

How can businesses ensure compliance with business continuity regulations while also minimizing costs?

Maintain compliance with business continuity regulations while minimizing costs by adopting a risk-based approach. This involves conducting a thorough business impact analysis to identify potential losses and risks. Completing a BIA helps identify and prioritize which processes have the greatest impact on an organization’s financial operations. 

What are the compliance requirements for business continuity in the event of a cyberattack?

Compliance requirements for business continuity in the event of a cyberattack typically involve a few key aspects. This includes: 

• Promptly detecting and reporting the attack. 
• Activating an incident response plan. 
• Identifying the vulnerability that enabled the attack. 
• Mitigating the impact. 
• Notifying relevant stakeholders. 
• Conducting a thorough post-incident review. 
• Documenting the process to prevent a future attack.

How do compliance requirements for business continuity vary based on the type of data being protected?

Compliance requirements for business continuity can vary based on the type of data being protected. Highly sensitive data—most common with healthcare, financial, and government organizations—have stricter requirements, necessitating robust security measures. 

Specific compliance requirements vary based on the type of data a company processes, where the country is located, and industry standards. However, an extensive business continuity and compliance plan will likely meet most disaster-related requirements of regulatory and government agencies. 

How can businesses prepare for changes in business continuity compliance requirements?

Businesses can prepare for changes by staying updated on industry regulations and continuously maintaining a BCDR program. Develop contingency plans that review internal documentation and remove accounts of people no longer working with your client’s organization. This will aid in daily security efforts and mitigate future risks.

Sections in this Article

Chapter 3: How to test a BCDR plan

Chapter 5: Best practices for scaling your BCDR business

Chapter 6: How to choose the right BCDR solutions

Meet your clients' compliance needs

The University of Chicago The Law School

Innovation clinic—significant achievements for 2023-24.

The Innovation Clinic continued its track record of success during the 2023-2024 school year, facing unprecedented demand for our pro bono services as our reputation for providing high caliber transactional and regulatory representation spread. The overwhelming number of assistance requests we received from the University of Chicago, City of Chicago, and even national startup and venture capital communities enabled our students to cherry-pick the most interesting, pedagogically valuable assignments offered to them. Our focus on serving startups, rather than all small- to medium-sized businesses, and our specialization in the needs and considerations that these companies have, which differ substantially from the needs of more traditional small businesses, has proven to be a strong differentiator for the program both in terms of business development and prospective and current student interest, as has our further focus on tackling idiosyncratic, complex regulatory challenges for first-of-their kind startups. We are also beginning to enjoy more long-term relationships with clients who repeatedly engage us for multiple projects over the course of a year or more as their legal needs develop.

This year’s twelve students completed over twenty projects and represented clients in a very broad range of industries: mental health and wellbeing, content creation, medical education, biotech and drug discovery, chemistry, food and beverage, art, personal finance, renewable energy, fintech, consumer products and services, artificial intelligence (“AI”), and others. The matters that the students handled gave them an unparalleled view into the emerging companies and venture capital space, at a level of complexity and agency that most junior lawyers will not experience until several years into their careers.

Representative Engagements

While the Innovation Clinic’s engagements are highly confidential and cannot be described in detail, a high-level description of a representative sample of projects undertaken by the Innovation Clinic this year includes:

Transactional/Commercial Work

• A previous client developing a symptom-tracking wellness app for chronic disease sufferers engaged the Innovation Clinic again, this time to restructure its cap table by moving one founder’s interest in the company to a foreign holding company and subjecting the holding company to appropriate protections in favor of the startup.
• Another client with whom the Innovation Clinic had already worked several times engaged us for several new projects, including (1) restructuring their cap table and issuing equity to an additional, new founder, (2) drafting several different forms of license agreements that the company could use when generating content for the platform, covering situations in which the company would license existing content from other providers, jointly develop new content together with contractors or specialists that would then be jointly owned by all creators, or commission contractors to make content solely owned by the company, (3) drafting simple agreements for future equity (“Safes”) for the company to use in its seed stage fundraising round, and (4) drafting terms of service and a privacy policy for the platform.
• Yet another repeat client, an internet platform that supports independent artists by creating short films featuring the artists to promote their work and facilitates sales of the artists’ art through its platform, retained us this year to draft a form of independent contractor agreement that could be used when the company hires artists to be featured in content that the company’s Fortune 500 brand partners commission from the company, and to create capsule art collections that could be sold by these Fortune 500 brand partners in conjunction with the content promotion.
• We worked with a platform using AI to accelerate the Investigational New Drug (IND) approval and application process to draft a form of license agreement for use with its customers and an NDA for prospective investors.
• A novel personal finance platform for young, high-earning individuals engaged the Innovation Clinic to form an entity for the platform, including helping the founders to negotiate a deal among them with respect to roles and equity, terms that the equity would be subject to, and other post-incorporation matters, as well as to draft terms of service and a privacy policy for the platform.
• Students also formed an entity for a biotech therapeutics company founded by University of Chicago faculty members and an AI-powered legal billing management platform founded by University of Chicago students.
• A founder the Innovation Clinic had represented in connection with one venture engaged us on behalf of his other venture team to draft an equity incentive plan for the company as well as other required implementing documentation. His venture with which we previously worked also engaged us this year to draft Safes to be used with over twenty investors in a seed financing round.

More information regarding other types of transactional projects that we typically take on can be found here .

Regulatory Research and Advice

• A team of Innovation Clinic students invested a substantial portion of our regulatory time this year performing highly detailed and complicated research into public utilities laws of several states to advise a groundbreaking renewable energy technology company as to how its product might be regulated in these states and its clearest path to market. This project involved a review of not only the relevant state statutes but also an analysis of the interplay between state and federal statutes as it relates to public utilities law, the administrative codes of the relevant state executive branch agencies, and binding and non-binding administrative orders, decisions and guidance from such agencies in other contexts that could shed light on how such states would regulate this never-before-seen product that their laws clearly never contemplated could exist. The highly varied approach to utilities regulation in all states examined led to a nuanced set of analysis and recommendations for the client.
• In another significant research project, a separate team of Innovation Clinic students undertook a comprehensive review of all settlement orders and court decisions related to actions brought by the Consumer Financial Protection Bureau for violations of the prohibition on unfair, deceptive, or abusive acts and practices under the Consumer Financial Protection Act, as well as selected relevant settlement orders, court decisions, and other formal and informal guidance documents related to actions brought by the Federal Trade Commission for violations of the prohibition on unfair or deceptive acts or practices under Section 5 of the Federal Trade Commission Act, to assemble a playbook for a fintech company regarding compliance. This playbook, which distilled very complicated, voluminous legal decisions and concepts into a series of bullet points with clear, easy-to-follow rules and best practices, designed to be distributed to non-lawyers in many different facets of this business, covered all aspects of operations that could subject a company like this one to liability under the laws examined, including with respect to asset purchase transactions, marketing and consumer onboarding, usage of certain terms of art in advertising, disclosure requirements, fee structures, communications with customers, legal documentation requirements, customer service and support, debt collection practices, arrangements with third parties who act on the company’s behalf, and more.

Miscellaneous

• Last year’s students built upon the Innovation Clinic’s progress in shaping the rules promulgated by the Financial Crimes Enforcement Network (“FinCEN”) pursuant to the Corporate Transparency Act to create a client alert summarizing the final rule, its impact on startups, and what startups need to know in order to comply. When FinCEN issued additional guidance with respect to that final rule and changed portions of the final rule including timelines for compliance, this year’s students updated the alert, then distributed it to current and former clients to notify them of the need to comply. The final bulletin is available here .
• In furtherance of that work, additional Innovation Clinic students this year analyzed the impact of the final rule not just on the Innovation Clinic’s clients but also its impact on the Innovation Clinic, and how the Innovation Clinic should change its practices to ensure compliance and minimize risk to the Innovation Clinic. This also involved putting together a comprehensive filing guide for companies that are ready to file their certificates of incorporation to show them procedurally how to do so and explain the choices they must make during the filing process, so that the Innovation Clinic would not be involved in directing or controlling the filings and thus would not be considered a “company applicant” on any client’s Corporate Transparency Act filings with FinCEN.
• The Innovation Clinic also began producing thought leadership pieces regarding AI, leveraging our distinct and uniquely University of Chicago expertise in structuring early-stage companies and analyzing complex regulatory issues with a law and economics lens to add our voice to those speaking on this important topic. One student wrote about whether non-profits are really the most desirable form of entity for mitigating risks associated with AI development, and another team of students prepared an analysis of the EU’s AI Act, comparing it to the Executive Order on AI from President Biden, and recommended a path forward for an AI regulatory environment in the United States. Both pieces can be found here , with more to come!

Innovation Trek

Thanks to another generous gift from Douglas Clark, ’89, and managing partner of Wilson, Sonsini, Goodrich & Rosati, we were able to operationalize the second Innovation Trek over Spring Break 2024. The Innovation Trek provides University of Chicago Law School students with a rare opportunity to explore the innovation and venture capital ecosystem in its epicenter, Silicon Valley. The program enables participating students to learn from business and legal experts in a variety of different industries and roles within the ecosystem to see how the law and economics principles that students learn about in the classroom play out in the real world, and facilitates meaningful connections between alumni, students, and other speakers who are leaders in their fields. This year, we took twenty-three students (as opposed to twelve during the first Trek) and expanded the offering to include not just Innovation Clinic students but also interested students from our JD/MBA Program and Doctoroff Business Leadership Program. We also enjoyed four jam-packed days in Silicon Valley, expanding the trip from the two and a half days that we spent in the Bay Area during our 2022 Trek.

The substantive sessions of the Trek were varied and impactful, and enabled in no small part thanks to substantial contributions from numerous alumni of the Law School. Students were fortunate to visit Coinbase’s Mountain View headquarters to learn from legal leaders at the company on all things Coinbase, crypto, and in-house, Plug & Play Tech Center’s Sunnyvale location to learn more about its investment thesis and accelerator programming, and Google’s Moonshot Factory, X, where we heard from lawyers at a number of different Alphabet companies about their lives as in-house counsel and the varied roles that in-house lawyers can have. We were also hosted by Wilson, Sonsini, Goodrich & Rosati and Fenwick & West LLP where we held sessions featuring lawyers from those firms, alumni from within and outside of those firms, and non-lawyer industry experts on topics such as artificial intelligence, climate tech and renewables, intellectual property, biotech, investing in Silicon Valley, and growth stage companies, and general advice on career trajectories and strategies. We further held a young alumni roundtable, where our students got to speak with alumni who graduated in the past five years for intimate, candid discussions about life as junior associates. In total, our students heard from more than forty speakers, including over twenty University of Chicago alumni from various divisions.

The Trek didn’t stop with education, though. Throughout the week students also had the opportunity to network with speakers to learn more from them outside the confines of panel presentations and to grow their networks. We had a networking dinner with Kirkland & Ellis, a closing dinner with all Trek participants, and for the first time hosted an event for admitted students, Trek participants, and alumni to come together to share experiences and recruit the next generation of Law School students. Several speakers and students stayed in touch following the Trek, and this resulted not just in meaningful relationships but also in employment for some students who attended.

More information on the purposes of the Trek is available here , the full itinerary is available here , and one student participant’s story describing her reflections on and descriptions of her experience on the Trek is available here .

The Innovation Clinic is grateful to all of its clients for continuing to provide its students with challenging, high-quality legal work, and to the many alumni who engage with us for providing an irreplaceable client pipeline and for sharing their time and energy with our students. Our clients are breaking the mold and bringing innovations to market that will improve the lives of people around the world in numerous ways. We are glad to aid in their success in any way that we can. We look forward to another productive year in 2024-2025!

• Updated Terms of Use
• New Privacy Policy
• Your Privacy Choices
• Closed Captioning Policy

Quotes displayed in real-time or delayed by at least 15 minutes. Market data provided by  Factset . Powered and implemented by  FactSet Digital Solutions .  Legal Statement .

This material may not be published, broadcast, rewritten, or redistributed. ©2024 FOX News Network, LLC. All rights reserved. FAQ - New Privacy Policy

Elon Musk, RFK claim Kamala Harris wants to shut down X unless site conforms to government oversight

Clip of harris in 2019 resurfaces where she scolded social media sites having no 'oversight and regulation'.

Rep. Michael Rulli warns against Harris' price control plan: 'We'll be a third world nation in a heartbeat'

Rep. Michael Rulli, R-Ohio, dissects Vice President Harris' price control plan, her fake accent during a recent rally and the Biden-Harris administration's economic record.

X owner Elon Musk and former independent presidential candidate Robert F. Kennedy, Jr. claimed on social media that Vice President Kamala Harris would want to "shut down" X if it can’t be made to conform to government oversight.

The two figures backing former President Trump shared a clip from an interview Harris had with CNN in 2019 after a Democratic presidential primary debate, where she blasted social media sites for "directly speaking to millions and millions of people without any level of oversight and regulation," something she said "has to stop."

"Translation: If they don't police content to conform to government-approved narratives, they will be shut down," Kennedy said, characterizing Harris’ statements from the five-year-old clip.

BILL MAHER MOCKS FLIP FLOPS FROM HARRIS AND WALZ IN CNN INTERVIEW: ‘JUST INSULTING MY INTELLIGENCE’

Elon Musk, left, and Robert F. Kennedy, Jr. warned that Vice President Kamala Harris would stifle free speech online if she won the presidency.  (Anna Moneymaker/Staff | Robert Gauthier/Contributor | Michael M. Santiago/Staff )

A clip of the interview went viral on X this week, as Harris’ critics pointed to it as supposed evidence of how the vice president would stifle free speech on social media platforms if elected president.

In the full interview, Harris expressed her desire to see then-President Trump’s Twitter account — before Twitter became X — removed because of its negative impact on society.  

"And when you’re talking about Donald Trump, he has 65 million Twitter followers, he has proven himself to be willing to obstruct justice — just ask Bob Mueller. You can look at the manifesto from the shooter in El Paso to know that what Donald Trump says on Twitter impacts peoples’ perceptions about what they should and should not do," she said.

Harris then declared that Trump’s account "should be taken down" because he had violated the site's terms of service.

She also spoke about the need for the government to regulate the platform so that speech like Trump’s, or that of other popular figures, can’t become a bad influence on millions of users.

"And the bottom line is that you can’t say that you have one rule for Facebook and you have a different rule for Twitter. The same rule has to apply, which is that there has to be a responsibility that is placed on these social media sites to understand their power," Harris said. 

She added, "They are speaking to millions of people without any level of oversight or regulation. And that has to stop."

CNN FACT CHECKER HITS KAMALA HARRIS FOR CLAIMING SHE ‘MADE CLEAR' IN 2020 SHE WOULDN'T BAN FRACKING

Vice President Kamala Harris speaks during a campaign event in Detroit on Monday. (Emily Elconin/Bloomberg via Getty Images / Getty Images)

Incorrectly claiming she was speaking about Musk — as the short clip did not indicate who she was referring to — Kennedy called out Harris on X for the statements, accusing her of wanting to stifle free speech online if it doesn’t conform to "government-approved narratives."

In his X post, he asked, "Can someone please explain to her that freedom of speech is a RIGHT, not a ‘privilege’?"

Musk shared Kennedy’s post early Tuesday morning, along with his own comment that the Democratic Party wants to destroy free speech. 

He wrote, "This is what she actually believes. Free speech is the bedrock of democracy and the Democratic Party (Kamala is just a puppet) wants to destroy it."

GET FOX BUSINESS ON THE GO BY CLICKING HERE

Both the Harris campaign and the DNC declined to comment.