HR Compliance Checklist
New Hire Onboarding and Licensing
Inspect List A or List B+C documents in person (or via authorized representative for remote hires) within three business days of the start date. E-Verify if the firm participates. Late or missing I-9s are the most common DOJ/ICE audit finding.
FINRA Rule 3110(e) requires investigation of the applicant's prior employment, education, and any disclosure events on prior Form U4s. For non-registered staff, run the firm's standard FCRA-compliant check with signed authorization. Resolve any disclosable events with the CCO before the start date.
Determines downstream licensing steps. Registered reps and IARs require Form U4, fingerprints, and CRD setup before any client-facing activity. Non-registered operations and admin staff skip those filings.
Submit the U4 in FINRA Gateway with all DRPs (disclosure reporting pages) reviewed by the CCO. Confirm the requested registration types (Series 7, 65, 66, 24, etc.) match the role and that state registrations cover every state where the rep will solicit. Do not allow registered activity to begin before the registration is approved.
Fingerprint cards or electronic prints must reach FINRA within 30 days of the U4 filing or the registration is purged. Use the firm's Live Scan vendor or FD-258 cards.
Distribute the current handbook including the code of ethics, written supervisory procedures, outside business activity policy, personal trading policy, and electronic communications policy. Capture a signed acknowledgment in the personnel file.
Enter the new hire in the payroll system (ADP, Paychex, Gusto, etc.) with W-4 elections, state withholding, direct deposit detail verified by voided check or micro-deposit, and the role's commission or salary structure. Confirm the first pay period covers the actual start date.
Personnel Records and Confidentiality
SEC Rule 204-2 and FINRA Rule 4511 require offer letter, signed agreements, U4 (if applicable), background check results, and acknowledgments retained in WORM-compliant storage. NetDocuments, Laserfiche, or the HRIS document module typically serve as the books-and-records repository.
Health, disability, FMLA, and workers' comp documentation must live in a separate locked file from the general personnel file under ADA and GINA confidentiality rules. Restrict access to HR and the named medical-records custodian.
Personnel records of registered persons must be retained for the duration of employment plus three years; supervisory records under Rule 3110 follow the firm's WSPs (typically six years). Tag records in the document system with the correct retention class on intake — backfilling is a recurring exam finding.
Any disciplinary action against a registered person — written warning, fine, suspension — may be a reportable event under FINRA Rule 4530 and a U4 amendment trigger. Review with the CCO before placement in the personnel file.
Compliance Training and Attestations
Build the annual calendar covering AML/BSA training (annually for all covered employees), cybersecurity, Reg BI/fiduciary, privacy under Reg S-P, and information barriers. Use a tracking platform — ComplySci, RIA in a Box, or LMS modules — that timestamps completion per employee.
California, New York, Illinois, Connecticut, Delaware, Maine, and Washington each impose distinct content requirements and deadlines (California's SB 1343: two hours for supervisors, one hour for others, within six months of hire). Deliver the version that matches the work-state, not just the firm's HQ-state version.
Rule 204A-1 requires every access person to acknowledge receipt of the code of ethics on hire and annually thereafter, and to disclose securities holdings within 10 days of hire and quarterly transactions thereafter. Capture both the acknowledgment and the initial holdings report.
Firm Element is the firm's annual needs-analysis-driven training for covered registered persons. Regulatory Element is FINRA's annual continuing education for each registered representative. Failure to complete Regulatory Element results in CE-inactive status and inability to perform registered functions.
Benefits and Payroll Administration
Most firms run a 30-day new-hire enrollment window. Walk the employee through medical, dental, vision, HSA/FSA, 401(k) with match formula, group life, LTD, and any deferred-comp plan. Capture elections in the benefits administration platform before the window closes.
ERISA requires the Summary Plan Description within 90 days of plan eligibility, and 408(b)(2) covered service provider disclosures to plan fiduciaries. Document the delivery method (electronic delivery requires affirmative consent or that the DOL safe-harbor conditions are met).
DOL deems contributions late if not remitted as soon as administratively feasible — for small plans, the safe harbor is seven business days. Late remittances are a prohibited transaction requiring Form 5330 and lost-earnings makeup. Reconcile every payroll against the recordkeeper deposit.
Form 5500 is due by the last day of the seventh month after plan year end (July 31 for calendar plans), with a 2.5-month extension via Form 5558. Plans with 100+ participants require an independent audit attached. Coordinate with the recordkeeper and ERISA auditor early — the audit drives the schedule.
Termination and Form U5
Cover any outstanding client matters, restrictive covenants (non-solicit, confidentiality), return of firm property, and ask the standard set of compliance questions: any unreported customer complaints, gifts received, outside business activities, or off-channel communications. Notes feed the U5 narrative if the separation involves disclosable events.
Revoke access to custodian portals (Schwab, Fidelity, Pershing), CRM (Salesforce, Wealthbox, Redtail), portfolio system, email archive, and VPN within hours of separation — same-day for involuntary terminations. Recover laptop, hardware tokens, badges, and any printed client records. Coordinate with IT on a written access-removal log.
Final-pay timing varies sharply by state — California requires immediate payment on involuntary termination; Massachusetts requires same-day; Texas allows next regular payday. Include accrued PTO per state policy and any earned commissions per the comp plan. Misses are wage-claim exposure, not just HR cleanup.
The plan administrator must send the COBRA election notice within 14 days of being notified of the qualifying event. Use the DOL model notice. Document the mailing date and method — late COBRA notices are a top DOL audit finding and a frequent class-action target.
Capture whether the separation is voluntary, involuntary without cause, or for cause. For-cause terminations involving fraud, theft, customer harm, or compliance violations are reportable on Form U5 and trigger Rule 4530 considerations. The CCO drafts the U5 narrative; HR provides the underlying file.
FINRA requires U5 filing within 30 days of termination; copy delivered to the former rep within the same window. The reason-for-termination narrative must be accurate and complete — defamation suits and FINRA arbitration over U5 language are common. CCO reviews the narrative before submission.
