Cover Compliance Blog - News, Opinions, Tips, and More

Learning from Tanning Salon Noncompliance Study

This is the first of our ongoing “use case” blog posts, where we take off from a real news story to explore key compliance principles. For a more detailed explanation of how our posts tagged with the “use case” label will work, see our other post from today.

The News Story - Study Finds Salons Commonly Fail to Comply with Teen Tanning Rules
This first “use case” post is interesting because it illustrates just how universal the need for a compliance program can be. And it shows a key way you might figure out what to include in your own compliance program, by looking at what outsiders (whether regulators, auditors, or, as in this case, researchers focused on your product or industry) may use to investigate your industry.

Articles about this study showed up twice in my Google news search for “compliance” a couple weeks ago (and it’s taken a while to get this first post ready to go). The first result was a story from a Virginia TV station that covered the underlying research study with particular attention to data from Kentucky and Tennessee and the second was a longer article from Reuters Health.

Here’s an excerpt from the October 31, 2017 WCYB New 5 story:
New research shows when it comes to compliance with laws regarding minors and the use of tanning beds, Tennessee is among the states with the lowest compliance.

Doctors from the University of Wisconsin and Loyola University surveyed 427 tanning salons in 42 states and Washington-D.C. from February 2015 through April 2016. The researchers called each salon posing as minors attempting to schedule a tanning appointment and 159 of the salons were found to be out of compliance with laws regulating tanning use by teens under the age of 18.

In Tennessee, only 40% of the salons surveyed were compliant and denied researchers posing as teens trying to set up a tanning appointment. In the state, parental consent and an accompanying adult is required for indoor tanning.


And from the longer Reuters Health article that provides more details about the underlying study and the root causes of lower compliance rates:
Tanning facility employees were asked about session costs and whether a parent needed to be present to consent to the tanning session.

Overall, 159 salons, or 37%, failed to follow state laws restricting access for minors, the study found. The most common lapse was allowing teens to book appointments without permission from a parent in states that required parental consent. Complicated laws were linked to higher rates of noncompliance. ...

Tanning salons were less likely to follow state laws in rural areas, the South, and in states where laws applied only to younger minors aged 15 or less, the study found.

Independently owned salons were also less likely to comply with state laws than chain establishments.

Longer article from Reuters on November 1:

This is just one tiny element of spa and salon compliance regulations in at least 42 states. In Kansas where Cover Compliance is located, the state cosmetology board’s tanning salon rules and regulations alone (meaning they don’t address all the other non-tanning services rules) are found in a 12-page document that communicated the relatively-new rules that came about in 2016.

We don’t mean to overemphasize this one requirement, but it is worth using to illustrate one part of how a tanning salon might begin to address its compliance program.

Understanding the Requirements
The first step for defining any part of a compliance program is to have a good understanding of the applicable regulations. Sometimes this can be challenging, but at the state level, regulations like this that are so specific to one aspect of a small business’s operations tend to make sense to those who are already operating in that industry, so reading and understanding them isn’t the biggest challenge. Finding them, and knowing that you’ve found them ALL could be a challenge though.

In the tanning salon case, as I noted in Kansas, there is a 12-page document that provides the primary rules for tanning salons as provided by the state cosmetology board. But that state board likely also has other compliance rules documents that apply to a salon based on other services it may offer. And outside of that “primary regulator” source, there are the other parts of the salons’ operations that are regulated by other bodies—like how they handle marketing to potential customers—and those might exist at federal and local levels as well as state.

Getting Help - From Surprising Sources
Small business owners often overlook some of their best sources of assistance both with finding all the rules that might apply to their business and with making sure they have a practical understanding of how the rules might impact their operations: State regulatory offices, local city halls for help with ordinances, and even your actual federal, state, and local government representatives.

At state and local levels you should have more direct access to assistance with clarifying your understanding, whether that is through reaching out to your overall government representatives or contacting the regulatory body directly. Very often a well-intentioned small business that is trying to comply can forge a relationship with their regulator that will give them assistance when they need it and well ahead of regulatory deadlines, and that will lower their risks of noncompliance. (Granted, absent that kind of intent and willingness to act on the information, you would be better off not placing yourself on any regulatory radar. But such people aren’t likely reading this.)

In my experience, this is one part of compliance management where smaller entities are at an advantage over larger organizations. As many large corporate entities make their compliance decisions from a more formal “risk vs. reward” evaluation, very seldom would a large organization voluntarily and routinely contact regulators (especially state regulators for big, multistage companies) to ask for help in making business decisions as this opens the door to regulator attention in general. Again, my presumption in recommending this approach is that you are legitimately trying to do what’s right AND that you are willing to do the work of complying.

Once the tanning salon (or other small business) has an understanding of the regulations involved, they need to figure out how the regulations and their businesses align and address any gaps or conflicts between the two. We’ll save a discussion of this kind of “gap analysis” for another post. Just understand for now, that it’s helpful to do some formal look at applicable rules alongside your actual business operations.

Governance Policy Statements
Once the tanning salon has an understanding of the regulations and how they align with their actual business practices, the business needs to create a high-level governance policy statement to cover that area. In Cover Compliance’s approach, we try to be clear that this is a policy STATEMENT not a policy DOCUMENT. This is the short,“commandment-styled” language that says at a very high level what must be done or must not happen. For the balance of this post, we’ll focus on governance policy statements.

To use a quick Biblical reference, if the commandment to which you are trying to assure compliance is “Thou shalt not steal,” then a related governance policy statement might be something like “We do not steal.” It can be as simple as that.

To take the underlying example here—tanning salons and tanning by minors—in a state like Kansas, the policy statement might be something like:

We do not permit anyone under 18 to use our tanning services.

For a state that has a bit more complexity to its rules, such as Tennessee, the governance policy statement might be something like:

We do not permit anyone under 18 to use our tanning services without parental consent and an adult being present at the time of any services.

Simplify to Minimize Impact of Differing Regulations in Different States
This example of how a governance policy statement might differ for Kansas vs. Tennessee provides an opportunity to discuss the impact of variations in regulations and some ways to simplify compliance in the face of such variation.

A small business that maybe has locations in more than one state, might decide to simplify their compliance to make operations easier to manage, to understand, and to communicate about internally and to interested outside stakeholders such as business associates and vendors—or even auditors and regulators. So, in this example, to minimize the risk of a compliance failure with that Tennessee quirk and to simplify operations, a company with salons in several states, including Tennessee, might make its own compliance policy statement related to teen tanning, for all states where they have salons simply:

We do not permit anyone under 18 to use our tanning services.

The key here is that you can always use a more business-limiting approach to simplify your compliance management and allow you to focus more on your actual business, but you can’t go the other direction. As the Reuters article noted, “Complicated laws were linked to higher rates of noncompliance.” The same thing applies to the compliance management effort: Complicated compliance programs often lead to higher rates of noncompliance. And noncompliance with one’s own compliance program can REALLY cause trouble—no matter what line of business you’re in. Can you say “FTC investigation for unfair, deceptive, and abusive acts and practices (or UDAAPs)”?

I’ll close this out by making another comparison between small and large entities. Large entities can often afford to customize compliance locally in order to make sure they do not miss a single possible paying customer opportunity. Without getting into the ethics of that approach or discussing how hard it is to manage such varied compliance programs even for a resource-rich corporation, I’ll just say that small businesses usually have to be more creative with their solutions. And an approach to meet compliance obligations that simultaneously attempts to capture every possible customer stands a good chance of becoming something so complex it cannot be managed effectively and attempts to do so can have significant impact on the business’s day-to-day operations.

What We’re Leaving Out Here
We’ll save the discussions about what your actual documents—whether policies or procedures—might look like for another time. As we post more resource content to the Cover Compliance web site and continue sharing information here in the blog, there will be plenty of opportunity for you to see our thinking on the best alternatives for how you might write and structure your compliance documents.

Just to be clear, I’m not trying to make anyone believe that I am some kind of tanning salon or overall cosmetology services compliance expert. I just have a lot experience with the general process of looking at regulations and figuring out the practical impact of what they mean. I simply did a quick skim of the regulations here for purposes of this post about this one aspect of tanning salon regulations that is relatively new in Kansas (2016)—though the rest of the twelve-page Kansas Board of Cosmetology document governing tanning facilities of course would drive a WHOLE lot more of a tanning salon compliance program.

If I were to advise a tanning salon specifically as a client, I’d spend more time with the Kansas regulations and with my client. My goal here is to ever-so-slightly demystify compliance for ANY small business—while also making the point that almost any small business has some kind of compliance requirements (in the case of tanning salons in Kansas, at least twelve pages of requirements covering such things as notices to customers, hygiene, time limits for tanning, etc., aside from any other state regulated spa or salon services they might offer).

I’m also hoping to point just a bit toward how paying even a little bit of formal attention to your compliance program can help you better manage your business or healthcare practice and give you a leg up on their competition.

Please connect and share:

<< Back
What We Do
Privacy & data protection compliance programs simplified for smaller businesses that lack staff or resources to purchase and manage complex enterprise systems.
Stacks Image p62_n106
Cover Compliance LLC
Overland Park, KS in the Kansas City area

  • 1.816.226.6759