FAQs

Offices

Topics

 

TikTok

No. Faculty, staff, and student-employees are prohibited from conducting official System Enterprise business on any personal device on which TikTok and other Covered Applications are installed?

No. The regulation does not apply to personal devices that are not used to conduct official business.

Official System Enterprise business is any and all transactions and communications related to the operation of UNT, UNT Health Science Center, UNT Dallas or UNT System Administration.

Covered Applications means TikTok or any successor application or service developed or provided by ByteDance Limited or an entity owned by ByteDance Limited, as well as social media applications or services identified and announced by the governor under section 620.005 of the Texas Government Code. The complete definition can be found in UNT System Regulation 06.5000.

No. Checking your UNT, UNT Health Science Center, UNT Dallas, or UNT System email account is official System Enterprise business.

No. Opening a TikTok video will not automatically install the application on your personal device. The app requires your permission to install it on the device.

Faculty and staff employees are subject to disciplinary action, including termination. Student-employees are subject to disciplinary action under the staff discipline policy as well as the student code of conduct.

 

Executive Order GA-48

An executive order is a directive from a state’s governor (or the President of the United States) that manages the operations of the state’s government.  Executive orders have the force of law and must be followed by the state’s agencies and their employees (including Texas public institutions of higher education and their faculty and staff employees).

On November 19, 2024, Governor Greg Abbott issued Executive Order 48 – Hardening of State Government. The order is intended to protect the State of Texas sensitive and critical infrastructures from certain entities designated as foreign adversaries by the U.S. Department of Commerce: China (including Hong Kong), North Korea, Iran, Cuba, and Russia (“Designated Countries”); and Venezuelan President Nicolas Maduro. The executive order has direct implications for the UNT System and its component institutions, and for its faculty and staff employees.

The Commerce Department has determined that the designated countries and foreign leader “have engaged in a long-term pattern of serious instances of conduct significantly adverse to the national security of the United States or security and safety” of individuals in the U.S.

Critical infrastructure is defined as a communication infrastructure system, cybersecurity system, electric grid system, hazardous waste treatment system, or water treatment facility.  Texas Business & Commerce Code, section 117.001(2).

No. At this time, faculty and staff employees are prohibited from traveling to these countries to conduct official UNT System business. The executive order does not apply to business travel to Venezuela.

No. The executive order prohibits employees of all Texas public universities and state agencies from accepting any and all gifts from the designated countries, including paying for travel expenses.

No. Faculty and staff employees may travel to the designated countries for personal reasons.  However, the order requires individuals to notify the UNT System before departing to one of the countries on personal travel. The executive order also requires individuals to provide certain information about the trip upon return.  The executive order does not apply to personal travel to Venezuela.

Faculty and staff employees should provide the required notice using the UNT System Personal Travel to Countries Designated as Foreign Adversaries Notification Form before departure. This form asks for: the UNT System component; First and Last Name; Destination Country; Travel Begin and End Dates; Form Acknowledgement.

Faculty and staff employees should provide the required post-travel information using the UNT System International Personal Travel Post-Trip Summary Notification Form, after you return from your trip.  The post-travel form asks for: the UNT System component; First and Last Name; Destination Country; Travel Begin and End Dates; and Purpose of Travel.

The information is being collected solely for the purpose of complying with Executive Order GA-48.  The individual’s campus institutional compliance program will retain the information in accordance with state records retention laws.

 

Organizational Compliance 101

Compliance - sometimes referred to as organizational or institutional compliance -  is a framework for facilitating adherence to federal and state laws and policies that govern the organization and for promoting ethical and lawful decision-making and conduct on the part of the organization’s employees. At the UNT System Administration, this includes incorporating the System’s ethics and standards of conduct, and its values into daily operations; knowing and following the laws and policies that affect these operations; educating ourselves on the functions we perform that can expose the System Enterprise to legal and regulatory repercussions; and devoting time and other resources to preventing and detecting violations of law and policies that give rise to risks associated with failing to comply with these laws and policies (i.e. “compliance risks”). 

High-profile scandals in the 1970s and 1980s highlighted the widespread practice of companies bribing politicians and government officials. In 1991, the Federal Sentencing Guidelines were promulgated in an attempt to bring greater consistency in sentencing, including sentencing organizations that were convicted of violating federal law.

See Pew Research Center's article Public Trust in Government: 1958-2024

The Guidelines: (1) incentivize organizations to self-police their corporate behavior; (2) provide guidance on effective compliance and ethics actions organizations can take to demonstrate a good-faith effort to self-police; and (3) hold organizations accountable based on defined culpability factors.

See United States Sentencing Commission. “The Organizational Sentencing Guidelines: Thirty Years of Innovation and Influence. August 2022.

High-profile scandals over the decades, such as ABSCAM and Iran-Contra, demonstrate why organizational compliance, accountability and responsibility is not limited to the private sector.

Compliance programs foster compliance with the law, which contributes to an organization’s effectiveness and mission accomplishment, including by eliminating the disruption and diversion of resources resulting from investigations into suspected misconduct.  Practically, when determining whether to prosecute an organization for criminal conduct, the Department of Justice considers the “adequacy and effectiveness of the corporation’s compliance program” both at the time of the alleged conduct and at the time the federal government is deciding whether to prosecute. See DOJ Justice Manual 9-28.000 - Principles of Federal Prosecution of Business Organizations.

UNT System Regulation 02.1000 requires each component of the System Enterprise to have a compliance program that is designed to prevent and detect violations of law and policies; and that encourages all employees and individuals acting on behalf of the System to conduct themselves lawfully, honestly and with integrity, including preventing retaliation against individuals who make good faith reports of suspected misconduct. 

An organization’s employees can be sentenced to prison for violating certain federal and state laws. While organizations cannot be sent to prison, they can be prosecuted, fined, ordered to make restitution, and prohibited from receiving federal and state funds. The U.S. Department of Justice has made it clear that the prosecution of organizational criminal conduct “is a high priority.”  See “Overview of Organizational Guidelines” and DOJ JM9-28.800.

The Federal Sentencing Guidelines expect compliance programs to have eight components:

  1. Standards and procedures reasonably capable of reducing the prospect of criminal activity
  2. Oversight by high-level personnel
  3. Due care in delegating substantial discretionary authority
  4. Effective communication to all levels of employees
  5. Reasonable steps to achieve compliance, which include systems for monitoring, auditing and reporting suspected wrongdoing without fear of retaliation
  6. Consistent enforcement of compliance standards including disciplinary mechanisms
  7. Reasonable steps to respond to and prevent repeated violations once a violation is detected
  8. Promotion of an organizational culture that encourages a commitment to compliance and the law

When determining whether an organization’s compliance program is effective, the U.S. Department of Justice asks three “fundamental” questions:

  1. Is the compliance program well designed?
  2. Is the compliance program adequately resourced and empowered to function effectively?
  3. Does the organization’s compliance program work in practice?

See DOJ Criminal Division. “Evaluation of Corporate Compliance Programs.” Updated March 2023.

In 2005 the U.S. Department of Health and Human Services Office of the Inspector General published seven tangible requirements that a program must demonstrate in order to be effective:

  1. Written policies and procedures
  2. Compliance leadership and oversight
  3. Training and education
  4. Effective lines of communication
  5. Enforcement of Standards: incentives and consequences
  6. Risk assessments, audits, and monitoring
  7. Prompt response to detected violations and corrective action

See U.S. Department of Health and Human Services Office of the Inspector General. “General Compliance Program Guidance.”

 

Reporting Suspected Wrongdoing by Speaking Up

An employee or individual authorized to act on behalf of the UNT System who reasonably believes a System employee’s or vendor’s conduct violates law, Regents Rule, System Regulation, or policy is expected to speak up and report the suspected wrongdoing.  Other individuals are encouraged to report suspected wrongdoing.

Speaking up when we observe conduct that is not in the best interest of our UNT System community is a form of engagement. Speaking up also models exceptional standards by holding ourselves and others accountable.

Suspected wrongdoing can be reported in several ways, including anonymously:

  1. Notify your supervisor unless your supervisor is the person suspected of the wrongdoing.
  2. Notify the UNT System Administration Compliance and Ethics Program at compliance@untsystem.edu
  3. Online at the Compliance Trust Line (Reports can be made anonymously).
  4. Inform the Texas State Auditor’s Office if the suspected wrongdoing involves fraud, waste or abuse of public resources or the agency’s fraud hotline at SAO Fraud Hotline at 1-800-TX-AUDIT (1-800-892-8348).

Reporting suspected wrongdoing is in the best interest of the UNT System and the people we serve. To encourage a culture of accountability and compliance, the System prohibits retaliation against individuals who report suspected wrongdoing and has implemented a program to protect against retaliation. Also, the Texas Whistleblower Act protects employees who report unlawful activity in good faith from retaliation.

 

Difference Between Compliance and Internal Audit

"Compliance” - sometimes referred to as organizational or institutional compliance - is a framework for facilitating adherence to federal and state laws and policies that govern the organization, and for promoting ethical and lawful decision-making and conduct on the part of the organization’s employees. The Compliance & Ethics Program operationalizes this framework with a focus on establishing an organizational culture that is committed to ethical and lawful decision-making and on preventing and detecting violations of the law and policy (i.e. “compliance risks”). It also assists management officials continuously identify compliance risks and provides advice on controls to mitigate these risks.

According to the Institute of Internal Auditors, internal audit is “an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes…[and] provides assurance that internal controls in place are adequate to mitigate the risks, governance processes are effective and efficient, and organizational goals and objectives are met.” See Institute of Internal Auditors “What is Internal Audit?”

The “Three Lines of Defense” model for risk governance depicts the difference between management, Compliance and Internal Audit this way:

  • First line: Management has the primary responsibility to own and manage risks associated with day-to-day operational activities. Other accountabilities assumed by the first line include design, operation, and implementation of controls.
  • Second line: The second-line function enables the identification of emerging risks in daily operation of the business. It does this by providing compliance and oversight in the form of frameworks, policies, tools, and techniques to support risk and compliance management.
  • Third line: The third-line function provides objective and independent assurance. While the third line’s key responsibility is to assess whether the first- and second-line functions are operating effectively, it is charged with the duty of reporting to the board and audit committee, in addition to providing assurance to regulators and external auditors that the control culture across the organization is effective in its design and operation. See Deloitte's “Modernizing the three lines of defense model – an internal audit perspective.”

UNT System Regulation 02.100 defines a “compliance risk” is an action or inaction that exposes an organization to legal or regulatory sanctions. These sanctions can be in the form of fines or penalties, or in some cases criminal prosecution. UNT System Administration employee and individuals authorized to act on behalf of the System Enterprise can expose the organization to sanctions.

Generally, a compliance risk exposes the System Enterprise to criminal liability or civil or administrative sanctions due to a violation of law or policy, including an ethics violation.  On other risk, such as environmental, financial, governance, operational, people, reputational/brand, social and safety, strategic, and technological, expose the System to other types of potential harm.

  • Read the UNT System Administration Ethics and Standards of Conduct policy and model exceptional ethical behavior
  • Read the Reporting Suspected Wrongdoing policy and demonstrate courageous integrity by speaking up when your training and experience leads you to believe wrongdoing has occurred.
  • Stay current on your ethics and compliance-related training (e.g. conflict of interest, dual employment and outside activities, nondiscrimination, prohibition against sexual assault/ harassment, information security, and privacy).

Be curious and explore the Compliance and Ethics Program webpage often. You will find information about compliance in general, compliance news you can use in your daily professional activities, and more.

 

Compliance Review of Regulations and Policies

A policy is a governing principle that communicates and supports the organization’s values, standards and expectations; guides the behaviors, decisions and actions of employees and other individuals in their interactions with the UNT System and it’s component institutions; ensures compliance with applicable laws, UNT System Regents Rules, System Regulations and component institution policies; promotes the efficient and effective use of UNT System resources; and manages organizational risks. For a policy to be enforceable, it must be approved in accordance with UNT System Regents Rules 02.200.

Yes.  A policy sets out the principles that guides the organization and must be approved by the chief executive officer of the UNT System or the particular component institution, and reviewed by the UNT System Office of General Counsel for legal sufficiency. Once approved for legal sufficiency and approved by the chief executive officer, UNT System policies are published in each organization’s policy manual. A procedure is the process that outlines how a policy will be implemented and can be approved by the official responsible for administering the function or operation addressed in the policy. Procedures may be included in documents such as guidelines and handbooks.

Effective policies are essential to an effective compliance program. An organization’s policies – “from appropriate assignment of responsibility, to training programs, to lines of reporting and communication, to systems of incentives and discipline” – should contribute to the integration of compliance into its “operations and workforce.”  U.S. Department of Justice Criminal Division “Evaluation of Corporate Compliance Programs” (Updated September 2024). The compliance review assists management officials, as the policy owners, fulfill their responsibilities to ensure policies address risks that could expose the organization and its employees to criminal, civil and regulatory sanctions. DOJ Evaluation of Corp Compliance Program Guidance - Sept. 2024

Generally, the compliance policy review consists of:

  • assessing whether a policy addresses a function or activity that could result in criminal, civil, or regulatory sanctions;
  • assessing whether a policy aligns with applicable laws and policies (in consultation with the Office of General Counsel which is solely responsible for determining whether policies comply with applicable laws, Regents Rules, System Regulations and component institution policies);
  • recommending measures that can be included in policies to prevent and detect possible violations of laws and policies;
  • evaluating the adequacy of proposed measures in managing compliance risks;
  • evaluating the impact, likelihood and velocity of compliance risk(s) addressed in the policy; and
  • identifying areas where policies can facilitate ethical and value-based decision-making and conduct.

The full scope of the compliance review is in the UNT System Administration “Compliance & Ethics Program Regulation and Policy Review Guide.”