HR Compliance Checklist

Pull the I-9 binder (or E-Verify export) and confirm Section 1 was completed by the end of day one and Section 2 within three business days of hire. Reverification dates on List A documents (EAD, passport stamp) are the most common miss — flag any expiring within 90 days.

Tie every active employee in the payroll register to a current federal W-4 and the state-equivalent (CA DE-4, NY IT-2104, etc.). Default-withholding employees with no form on file are a documentation gap auditors flag immediately.

Federal law requires reporting new hires to the state directory within 20 days (some states require less — NY is 20, MA is 14, NC is 20). Spot-check the last quarter's hires against the payroll provider's confirmation log.

Sum all four quarterly 941s and tie wages, FIT, SS, and Medicare to the year-to-date payroll register. Any variance over $50 should be tracked to a specific cause (third-party sick pay, imputed income on GTL, S-corp shareholder health) before W-2s issue.

City and county minimums often exceed state (Seattle, San Francisco, Denver, NYC). Pull a wage report by work location and compare against the current rate table. Tipped-employee minimums and youth minimums are separate columns — don't apply the standard minimum to a tipped server.

Run the duties test and salary-basis test for every salaried employee. The 2024 federal threshold rose to $43,888 (Jul 1, 2024) and $58,656 (Jan 1, 2025); several states (CA, NY, WA) sit higher. Misclassified office managers and assistant managers are the perennial DOL audit finding.

The IRS lookback period (Jul 1 – Jun 30) determines monthly vs. semiweekly depositor status for the coming year. If aggregate 941 liability exceeded $50K, the firm is semiweekly. Notify payroll provider of any change before January 1.

Headcount and FTE drive ALE status (50+ FTE under the ACA), FMLA coverage (50 within 75 miles), and state-specific thresholds. Use the prior-year monthly average for ALE; use a 12-month lookback for FMLA. State list determines which jurisdictions need handbook addenda.

Post WH-1420 in every break room and include the notice in the handbook. Issue the eligibility notice (WH-381) within five business days of any leave request. Track FMLA hours by rolling 12-month period — calendar-year tracking is the most-litigated FMLA error.

Furnish 1095-Cs to employees by March 1 (auto-extended from Jan 31) and e-file 1094-C with the IRS by March 31. Confirm offer-of-coverage codes (1A, 1E, etc.) and safe-harbor codes on Line 16 — wrong codes generate Letter 226-J penalty notices a year later.

The plan document must be in writing before the start of the plan year — no retroactive adoption. Re-execute if FSA limits, dependent care limits, or HSA contribution changes apply. Without a current Section 125 plan document, every pre-tax deduction becomes taxable.

DOL safe harbor for plans under 100 participants is 7 business days from each pay date; larger plans must remit as soon as administratively feasible. Late deferrals require Form 5330 and lost-earnings calculations — pull the trust statements and tie remit dates against pay dates for the full year.

Confirm separation of medical (ADA), I-9, and benefits enrollment from the general personnel file. FLSA payroll records: 3 years. ADEA / EEOC: 1 year past separation. ERISA: 6 years for benefits. Purge files past retention to limit discovery exposure.

I-9s must be producible within three business days of an ICE Notice of Inspection. Keep active employees' forms in one binder and terminated employees in a second (retained for 3 years from hire or 1 year from termination, whichever is later). Never co-mingle with other personnel records.

Private employers with 100+ employees and federal contractors with 50+ employees and a contract of $50K+ must file EEO-1 Component 1. Use a workforce snapshot from any pay period in October–December.

Upload via the EEOC Component 1 portal. Reconcile race/ethnicity and sex data against self-ID surveys; visual identification is allowed only when employees decline to self-identify. The portal's typical filing window opens in spring with a deadline 8–10 weeks later.

The Written Information Security Plan must be reviewed annually and after any material change. Document the data inventory, access controls, vendor due diligence, and incident response procedure. FTC Safeguards Rule enforcement extended to firms holding employee SSNs and bank data, not just tax preparers.

Summary of work-related injuries posts in a conspicuous location for all three months. Establishments with 250+ employees, or 20+ in high-hazard industries, also e-file via the OSHA ITA portal by March 2.

Log every recordable injury within seven calendar days of notification. Recordable means days away, restricted duty, transfer, medical treatment beyond first aid, or loss of consciousness. First aid is not recordable — confirm the line between Tylenol (first aid) and prescription strength (recordable).

HazCom (29 CFR 1910.1200) is universal; bloodborne pathogens (1910.1030), respiratory protection (1910.134), and forklift (1910.178) are role-specific. Track completion in the LMS and retain certificates for the duration of employment plus one year.

Each state's workers' comp poster lists the carrier, claims phone, and panel of physicians where applicable. Remote-only workforces still need digital distribution — email plus handbook acknowledgment is the typical compliance path.

Refresh protected-class lists for every state where employees work — pregnancy accommodation (PWFA), CROWN Act hair protections, and gender identity have all expanded recently. Re-issue the handbook with a signed acknowledgment if material changes were made.

California (SB 1343), New York (incl. NYC), Illinois, Connecticut, Delaware, Maine, and Washington mandate sexual harassment training with specific cadence and content. CA requires 2 hours for supervisors and 1 hour for non-supervisors every two years; NY requires annual.

Use the state-published curriculum (CA DFEH course, NY DOL model) or a vendor with state-approved content. Track completion with an attestation signed by each employee — verbal confirmation is not defensible at hearing.

Maintain a written intake procedure with at least two reporting channels (so an employee never has to report to the alleged harasser). Log the date received, investigator assigned, interim measures taken, and disposition. Retaliation claims hinge on contemporaneous documentation.

The HR lead and a senior officer (CFO or Managing Partner) jointly sign off on completion. Note any open items requiring remediation and the target close date. File the signed review in the compliance archive.