Let me tell you about a pattern I see more often than I’d like.
A small business owner comes to me not because they were planning ahead, but because something already went wrong. A termination that was handled poorly. An offer letter that created an unintended contractual obligation. A leave request that was denied without any documentation of why. A harassment complaint that wasn’t investigated because the owner didn’t know they were supposed to investigate it.
In most of these situations, the problem wasn’t bad intent. It was the absence of any compliance infrastructure at all.
HR compliance has a reputation for being the boring, defensive side of running a business. And I understand why founders deprioritize it. It doesn’t generate revenue, it doesn’t show up in your sales numbers, and if nothing has gone wrong yet, it can feel like something you’ll deal with when you get bigger.
Here’s the problem with that logic: compliance risk doesn’t scale with headcount. A business with five employees can face the same EEOC complaint or wage and hour claim as a business with five hundred. The stakes are often higher for smaller businesses because they have fewer resources to absorb the impact.
So what are the compliance issues that small businesses are most likely to ignore? A few show up consistently.
Misclassification of workers is at the top of the list. If you’re treating employees as independent contractors, or classifying people as exempt from overtime without actually meeting the legal criteria, you have exposure. The IRS and your state labor board have very specific tests for these determinations, and “that’s how we’ve always done it” is not a defense.
Termination process is another one. At-will employment means you can generally terminate someone without cause, but it doesn’t mean you can terminate someone without documentation, without consistency, or in a way that looks retaliatory if it follows a protected activity. How you end the employment relationship matters enormously.
Leave management is consistently underestimated. FMLA, ADA accommodations, state-specific leave laws: these overlap in ways that are genuinely complicated, and small businesses often handle them informally in ways that create real risk. “We just let her work part-time while she was going through treatment” sounds compassionate, but if you didn’t document the accommodation process, you may have a problem if that relationship ends badly later.
And then there’s the documentation gap. Investigations, performance management, disciplinary actions all need to be recorded in real time, not reconstructed after the fact. The absence of documentation doesn’t just create legal exposure. It makes it nearly impossible to manage performance consistently and fairly.
I want to be clear about something: my compliance work is advisory, not legal practice. I’m JD-informed, and I build compliance infrastructure, including policies, frameworks, processes, and training, but I’m not your attorney. For anything that’s already in litigation, you need a lawyer.
What I can do is help you build the foundation that makes many of these problems less likely to reach that point. An HR audit that tells you where your real exposure is. A policy library that actually reflects how your business operates. A termination framework so that hard conversations happen consistently and documentably.
Compliance infrastructure isn’t about being afraid of your employees. It’s about running a business that can defend how it treats people. Most of the time, when I work with a founder on this, they discover their instincts are actually pretty solid. They just needed to write it down.
That’s the work. Let’s do it before something forces the conversation.