ÁÔÆæÖØ¿Ú

Please click here to download the pdf of the 2024-25 Institutional Compliance report.

Below is the report in plain text:

Institutional Compliance Framework  

UM’s commitment to legal and regulatory compliance is integral to fulfilling its vision and mission. The UM Director of Institutional Compliance guides and supports a consistent framework to ensure that UM employees are coordinated in their compliance roles and responsibilities.  The Federal government expects entities to “promote an organizational culture that encourages ethical conduct and a commitment to compliance with the law” and to “exercise due diligence to prevent and detect” wrongdoing. Through the United States Sentencing Guidelines (USSG), the Federal government has provided guidelines for establishing and maintaining an effective compliance program. UM’s Compliance Framework reflects the essential elements of an effective compliance program identified by the USSG:  

1. High Level Oversight: University leadership and Ultimately Responsible Parties are made aware of the specific individuals in their functional areas who are designated with operational responsibility for each Compliance Matter Area. These leaders understand their responsibilities to ensure the designated individuals are adequately trained and educated for their compliance roles and that they receive adequate support. University Leaders also understand their role in creating a positive culture of compliance.   
2. Standards, Policies and Procedures: The University establishes reasonable standards, policies, and procedures to facilitate full compliance with Board of Regents policy, ÁÔÆæÖØ¿Ú state law, and federal law. These policies should be in writing, easy to locate, understandable, and reviewed and reasonably updated. They should be appropriate to each Compliance Matter Area.  
3. Communication, Education and Training: University leadership and Ultimately Responsible Parties periodically communicate standards, policies, and procedures to the campus community by conducting effective training programs and otherwise disseminating information appropriate to individual roles and responsibilities, and as required by relevant law and policy. Communication includes how to identify, and report concerns of non-compliance without fear of retaliation.  
4. Monitoring and Mitigation: The University takes reasonable steps to ensure that its ten Programs of Compliance are using the Framework in an effective and flexible way. This includes periodic monitoring of Compliance Matter Areas to understand the state of its compliance program and efforts to mitigate risks. 
5. Reporting, Response, and Culture of Accountability: The University provides informal and formal systems, such as an anonymous hotline, to employees so they may report compliance concerns or seek guidance regarding potential or actual misconduct without fear of retaliation. The University has a system(s) to respond appropriately to reports and to take actions to prevent further similar conduct, which may include sanctions or discipline.  

Programs of Compliance  

UM’s Institutional Compliance Program is organized around ten “Programs of Compliance.” The Director of Institutional Compliance maintains a matrix identifying the compliance obligations within each of the ten Programs of Compliance:  Accreditation, Advancement, Athletics, Business Operations, Campus Safety and Health, Civil Rights, Financial Aid, Privacy, Research Compliance, Student Affairs.   

The ten Compliance Programs are further divided into fifty-eight (58) Compliance Matter Areas. The Compliance Matter Areas evolve over time as laws and regulations are not static. Compliance Matter Areas typically have one office with a specifically assigned employee(s) responsible for the day-to-day or operational tasks associated with the compliance obligation(s) and, each Matter Area maintains its own compliance plan following the Framework elements.  

AY24-25 Institutional Compliance Initiatives Supporting Compliance Framework  

The Director of Institutional Compliance worked with colleagues across campus to provide needed guidance and support on existing compliance programs, new laws and policies.  Highlights of the work this year include the following.    

High Level Oversight: Enterprise Risk Management  

The Director of Institutional Compliance worked with a team from Risk, Audit, Legal and the Office of Strategic Planning to establish a broader framework and cadence for identifying, analyzing, and where appropriate, mitigating institutional risk and concurrent compliance needs. The team meets monthly to ensure the ERM framework provides actionable information.  

High Level Oversight: Support of Strategic Initiatives 

The Director of Institutional Compliance and UMLCC colleagues supported each of UM’s strategic initiatives as a proactive measure to look for challenges and opportunities that may arise through regulatory and policy demands on the planned initiatives. The Director of Compliance met with several project-leads to manage particular compliance concerns. 

High Level Oversight: Compliance Review and Federal Executive Orders 

Beginning in January of this year, the University, along with other Universities across the nation, reviewed numerous Executive Orders from the Federal Government. These prompted immediate compliance reviews and engagement across campus.  

Standards, Policies and Procedures: Support of UMLCC Policy Initiative 

The Director of Institutional Compliance and UMLCC colleagues have significantly enhanced the University Policy website to aid in access, review and introduction of new institutional policies.  

This past academic year, substantive revisions were made to the following policies: 

University Operating Policy 

Student Code of Conduct  

The following new policies were adopted: 

Academic Portfolio Review 

Academic Unit Operating Policy 

Export Control 

Communication, Education and Training: Support to OOLD’s Essential Compliance Education 

Education is a key pillar of UM’s Compliance Framework. Recognizing the need to empower all UM employees, not only new employees, the Director of Institutional Compliance supported the establishment of essential compliance education for all UM employees by offering a compliance framework and working with colleagues in OOLD to communicate with UM’s campus community and affiliate campuses about their compliance education. Through OOLD’s leadership, UM adopted a new platform, NEOED Learn, to share modules on FERPA, Digital Accessibility, Non-Discrimination, Cybersecurity, and Indian Education for All. It will be widely used for other educational opportunities and compliance training. UMLCC helped to write and produce the modules of Digital Accessibility and FERPA and will review new modules for legal accuracy where needed. This initiative will help all employees understand the laws and policies that shape their work and protect their community.   

Monitoring, Mitigation: Digital Accessibility Task Force 

In response to the Department of Justice’s April 2024 Digital Accessibility Final Rule, the Director of Institutional Compliance, who also serves as UM’s ADA Coordinator, established a Digital Accessibility Task Force to create a compliance plan for UM, to ensure compliance by the April 24, 2026, deadline and to sustain accessibility beyond that date. The new rule requires adoption of Web Content Accessibility Guidelines (WCAG) 2.1, Level AA as the technical standard for all university web and mobile content, including academic course materials and third-party digital content provided through contractual or licensing arrangements. The Task Force has met monthly and provided high-level oversight, coordination, and approval of compliance efforts. Cross-functional working teams have addressed key areas including web content, learning management systems and instructional design, library resources, procurement and third-party accessibility, social media, internal communications and training, and policy/legal compliance.  

Reporting, Response, and Culture of Accountability 

The University maintains an anonymous reporting hotline under the oversight of the ÁÔÆæÖØ¿Ú University System and UM’s internal auditor. The Director of Compliance meets with UM’s internal auditor to ensure appropriate response and necessary steps are taken to reports received through this hotline.