SUNY PP Home Page   Print Page   Close Page   Convert current file into a PDF document   Convert current file into a DOC document

Legal and Compliance

Responsible Office:

Policy Title:
Compliance Program

Document Number:

Effective Date:
November 15, 2018

This policy item applies to:
State-Operated Campuses
Table of Contents

Other Related Information


It is the Policy of the State University of New York (University) to undertake its best efforts to comply with all State and federal laws, rules, regulations, standards, and obligations governing its operations consistent with the highest standards of business and professional ethics and the University¿s reputation for integrity and excellence. Given the highly complex structure and operations of the University, the Compliance Program is designed to address and promote greater coordination and consistency among individual campus compliance programs, which cover a large number of compliance areas, including higher education, research, healthcare, human resources, information technology, and athletics, among others. The compliance program outlines institutional infrastructures and processes necessary to prevent, as well as detect, mitigate, and remediate, instances of noncompliance and assigns responsibility for the development of those infrastructures, the implementation of those processes, and the ongoing assessment and oversight of the program itself.


  1. Purpose

    It is the objective of the Compliance Program to implement and maintain a systematic organization-wide approach for identifying, assessing, and managing risks to achieving compliance objectives; developing and maintaining adequate processes to help ensure adherence to applicable laws, rules, regulations, policies and procedures; and preserving its reputation for integrity and excellence. To meet these objectives, the University has developed a Compliance Program that structures compliance obligations and proactively mitigates the risks to fulfilling these obligations in a consistent manner. The Compliance Program is a key component of the University's Enterprise Risk Management (ERM) Program, and will specifically:

    • Establish a cohesive structure for compliance
    • Communicate the University's commitment to compliance and expectations of the University employees with regard to compliant behavior
    • Promote ethical and compliant culture and behaviors
    • Facilitate the sharing of compliance information
    • Provide direction and guidance on compliance matters
    • Support the education and training of individuals throughout the University on the importance of compliance processes and procedures, as well as keeping up with changing regulatory environments
    • Hold the organization accountable for compliant behavior and integrity
    • Consolidate the reporting of compliance monitoring activities from across the University
    • Evaluate and determine the overall effectiveness of the University's Compliance Program
  2. Requirements

    The Compliance Program is designed to facilitate the sharing of information to inform the University's functional areas of the laws, rules, and regulations relevant to their operations; educate the University community on the importance of complying with the requirements set forth in these regulations; monitor activities to determine whether the requirements are being satisfied; and evaluate the overall effectiveness of the Compliance Program. Furthermore, the Compliance Program serves as a means of helping to enforce accountability and to further promote ethical behavior and integrity.

    As a key component of the ERM Program, the Compliance Program is also designed to assist in identifying and assessing the risks to the University so that its compliance objectives can be met. This function will operate in collaboration with the compliance program of the SUNY Research Foundation.

  3. Design

    The Audit Committee of the Board of Trustees has oversight of the ERM Program, which includes the Compliance Program as one of its key components. The design, implementation, and operation of the program is included as part of the ERM Steering Committee's oversight, with the day-to-day responsibilities of executing the program delegated to the Compliance Officer.

    The Compliance Program incorporates the nationally recognized framework set forth in the United States Federal Sentencing Guidelines. The key elements of the Compliance Program include:

    • Written Policies and Procedures
    • Compliance Program Oversight
    • Communication, Training and Education
    • Reporting and Investigation
    • Auditing and Monitoring
    • Enforcement of Compliance Standards
    • Response and Prevention
    • Risk Assessment


There are no definitions relevant to this policy.

Other Related Information

US Federal Sentencing Guidelines for Organizations

SUNY Policy, Document No. 7502 - Enterprise Risk Management Program


There are no procedures relevant to this policy.


There are no forms relevant to this policy.


State University of New York Board of Trustee Resolution, No. 2015-39.


June 16, 2015, Board of Trustee Resolution No. 2015-39, Adoption of an Enterprise Risk Management Program

SUNY Enterprise Risk Management Program Policy

November 15, 2018, Upon recommendation of the Chancellor, the Board of Trustees adopted the Compliance Program Policy as University Policy, Resolution #


There are no appendices relevant to this policy.