Cornell is launching a compliance office to help units and programs across the university navigate a crowded field of federal and state regulatory requirements.
The office will provide education and outreach so that the units can better understand how to comply with these regulations, and it will ensure transparency for university policies and procedures while minimizing the administrative burden of compliance.
“There are already responsible executives for many regulations, for instance in financial aid, research, athletics and Weill Cornell billing,” said Joanne DeStefano, executive vice president and chief financial officer for the university. “But the regulations are complex, they change quickly, and often they span multiple areas of control. This new office will ensure that the university as a whole meets our compliance requirements, ultimately saving time and money that is otherwise spent on addressing compliance challenges.”
The office will report to DeStefano and to the chair of the Audit, Risk and Compliance Committee of the board of trustees. Christine Stallmann has been named chief compliance officer; Alexis Brubaker is associate compliance officer.
Stallmann most recently served as associate vice president in the Department of Environmental Health and Safety and Risk Management. She has 17 years of experience in industry, primarily involving safety, risk and compliance management, as well as auditing.
Brubaker was previously the university’s biological safety officer and project director for Cornell Occupational Health, Safety and Environmental Compliance, a campuswide IT implementation. In addition, she completed a two-year fellowship program at the National Institutes of Health and has served as a liaison for regulatory compliance and risk reduction with multiple government entities.
One of their first tasks will be creating a compliance committee that incorporates current compliance officers and new representatives from units and programs.
The office’s initial focus over the next 18 months will be Higher Education Act requirements as they apply to the Ithaca campus, followed by Weill Cornell Medicine and Cornell Tech. A second phase will focus on privacy, and a third will address regulations outside of the Higher Education Act. The office will be concurrently managing emerging risks, working with senior leadership, and integrating policy and compliance.
Stallmann and Brubaker are organizing a workshop this winter to kick off their outreach and education efforts with compliance partners from across the university. They are also compiling a matrix that lists compliance acts and regulations to help campus partners review their regulatory responsibilities, and an assessment to determine whether appropriate policies are in place.
When gaps in compliance are identified, a closure plan will be developed and monitored in collaboration with key stakeholders.
“What we’re really looking at is carrying out Cornell’s academic mission with integrity and in accordance with the university’s legal, regulatory and ethical responsibilities,” Stallmann said. “We want to operationalize the process. Together with the units, we can minimize the administrative burden of compliance and prevent costly mistakes.”
Universities nationwide are facing the challenge of observing a range of often disparate regulations, from local fire codes to state cybersecurity laws to U.S. Department of Agriculture permits, and Occupational Safety and Health Administration requirements.
“Each unit could in theory be responsible for more than 200 regulations just in their own portfolio,” Stallmann said. “You’re regulated when you start your grant. Permits for the buildings we work in. The trucks that we plow the streets with. Food handling. Hiring and recruiting. Regulatory compliance touches many aspects of how we do business.”
“The problem that I’ve seen is sometimes people don’t even know when they’re not in compliance,” DeStefano said. “The new office will support the unit compliance offices in meeting their regulatory obligations.”
Many academic institutions have been moving toward a similar compliance model, including the State University of New York, which is establishing a formal, systemwide compliance program.
Cornell’s compliance office will feature a transparent, nonpunitive process that is as much cultural as it is organizational, according to Stallmann and Brubaker.
“If you don’t know the regulation applies, we can help you,” Stallmann said. “That’s not punitive. That’s education and outreach. People need to know. The goal is to reduce risk and help people close their gaps by building partnerships and trust. We’re here to serve the people and the institution.”
Compliance will ultimately remain the responsibility of individual units and programs, with the new office providing a consistent, efficient and centralized system so that all divisions of the university meet their regulatory requirements and mitigate risk.