HR Compliance Checklist

Section 1 is completed by the employee on or before day one; Section 2 by the employer within three business days. Use the current USCIS edition (it gets reissued) and accept only the List A or List B+C document combinations — over-documenting is itself a violation.

Federal W-4 plus the state equivalent where applicable (NY IT-2104, CA DE 4, etc.). Don't carry over a prior year's form for a rehire — withholdings start fresh on the first pay cycle.

Obtain FCRA-compliant written consent before pulling, and prepare the pre-adverse action notice template in case the report surfaces a disqualifier. Ban-the-box jurisdictions (CA, NYC, Chicago, and many others) restrict when criminal history can be requested — confirm the rule for the work location, not just the headquarters state.

California (SB 1343), New York, Connecticut, Illinois, and Delaware all mandate harassment training with specific deadlines — typically 30 to 90 days from hire, with retraining every one or two years. Capture completion in the LMS as audit evidence; verbal training without records won't survive a state agency inquiry.

Apply the FLSA duties test (executive, administrative, professional, computer, outside sales) plus the salary threshold — $684/week federal, with state overrides such as California's higher figure. Misclassification is among the most expensive HR mistakes: back wages, liquidated damages, and attorney fees, often class-wide.

Federal floor is $7.25, but most jurisdictions sit well above it and several cities (Seattle, NYC, Denver, West Hollywood) set their own. Tipped employees follow separate cash-wage rules under FLSA Section 3(m); confirm the tip credit is allowed in the work state before relying on it.

Non-exempt overtime is 1.5× the regular rate beyond 40 hours/week federally — California layers daily OT over 8 hours and double-time over 12. The regular rate must include non-discretionary bonuses and shift differentials, not just base wage; this is where most payroll-system defaults are wrong.

ACA-applicable large employers must offer coverage to full-time employees (30+ hours) within a waiting period not exceeding 90 days. Document the offer and any waiver — IRS Form 1095-C reporting depends on it, and a missing offer is what triggers the §4980H(a) penalty.

Federal: FLSA, FMLA, EEO, USERRA, OSHA, EPPA. Add state-specific notices like CA pregnancy disability or NY paid family leave. Order updates annually from DOL or a vendor such as GovDocs — outdated posters are easy citations during a wage-and-hour audit.

ICE inspections require I-9 production within three business days. Keeping I-9s in personnel folders mixes them with information ICE has no right to see — use a dedicated binder or digital folder. Retention is three years from hire OR one year from termination, whichever is later.

Three years for payroll records and CBAs; two years for time cards, wage rate tables, and records explaining wage differentials between sexes. State law often requires longer — California's four-year rule under Labor Code 1174 is a common trip-up for multi-state employers.

Medical records — including ADA accommodations, FMLA certifications, and workers' comp paperwork — must be stored separately from the general personnel file under the ADA. Maintain access logs; states like California (Labor Code 1198.5) and Connecticut grant employees the right to inspect their own file on request.

Establishments with 10+ employees must keep the 300 log unless they fall into a partially exempt low-hazard industry (NAICS list). The 300A annual summary is posted February 1 through April 30 — reconcile its totals to the individual incident reports filed during the year before signing.

OSHA 1910.38 requires a written emergency action plan and trained employees; many state plans (CA Cal/OSHA, MIOSHA) layer on minimum drill frequencies. Document attendance, the route used, and time-to-muster — that's the evidence an inspector asks for, not just the existence of the plan.

The Hazard Communication Standard (1910.1200) requires SDSs for every hazardous chemical on site, accessible to employees during their shift. When a vendor reformulates, the SDS revision date changes — flag any sheet older than the current product label and pull a fresh copy from the manufacturer.

Each OSHA recordable triggers a 301 Incident Report within seven calendar days. Severe injuries — fatality, in-patient hospitalization, amputation, or loss of an eye — have separate 8-hour and 24-hour reporting windows via 1-800-321-OSHA or the online portal; missing those is a willful violation.

Cover the Title VII, ADEA, ADA, GINA, and PWFA classes plus state add-ons (sexual orientation, gender identity, citizenship status, salary history, hairstyle under CROWN Act states). Provide at least two complaint channels so employees aren't forced to report through their alleged harasser.

EEO-1 Component 1 is required for private employers with 100+ employees and federal contractors with 50+. The workforce snapshot is taken from any pay period in October through December; the EEOC filing portal opens the following spring.

Submit through the EEOC online filing portal by the published deadline (typically June). Crosswalk payroll-system race, ethnicity, and gender data against the ten EEO-1 job categories — the mapping exercise usually surfaces miscoded employees, especially in mixed individual-contributor and lead roles.

Cover the duty to report, the retaliation prohibition, documentation standards, and the line between fact-finding and adjudication. EEOC enforcement guidance treats untrained supervisors as a contributing factor in employer liability — "my manager didn't know what to do" doesn't reduce exposure.

Eligibility requires 12 months of employment, 1,250 hours worked in the prior 12 months, AND a worksite with 50+ employees within a 75-mile radius. The 12 months don't have to be consecutive; the 1,250-hour count uses FLSA hours-worked rules, so PTO and holidays don't count.

Form WH-381 (Notice of Eligibility and Rights & Responsibilities) plus WH-380-E or WH-380-F for medical certification, all within five business days of the leave request. Failure to provide notice can waive the employer's right to count the absence against the 12-week entitlement.

The ADA requires a good-faith interactive process — record the limitation, the requested accommodation, alternatives considered, and the chosen outcome. JAN (askjan.org) is the EEOC-endorsed resource for accommodation ideas. Failing to engage in the dialogue is itself a violation, separate from whether the accommodation is granted.

FMLA leave is taken in the smallest increment the timekeeping system records, usually 15 minutes or less. Use the rolling-backward 12-month measurement unless policy specifies otherwise; switching measurement methods mid-year requires 60 days' notice to all employees.