Editor’s note: We’re pleased to welcome Amanda Torres to TN Security Review. Amanda spent eight years as a compliance officer with the Tennessee Department of Commerce and Insurance before joining our team. Her regulatory expertise adds a new dimension to our coverage.
I spent eight years at TDCI reviewing files, conducting audits, and writing up violations against security companies that should have known better. Most of them weren’t bad operators. They were busy operators who let paperwork slide until it became a problem.
The Private Protective Services Act, codified at T.C.A. Title 62, Chapter 35, lays out clear requirements for every contract security company, proprietary security organization, and individual guard operating in Tennessee. The rules aren’t ambiguous. They aren’t hidden. They’re published, accessible, and updated regularly by the Private Protective Services Licensing Board.
Companies still get cited. Constantly.
This guide covers the violations I saw most frequently during my tenure, the audit process from the inside, and what you can do right now to make sure your company isn’t the next one facing fines or suspension.
The Top Reasons Companies Get Cited
1. Failure to Maintain Proper Employee Records
T.C.A. Section 62-35-126 requires licensed security companies to maintain records for every employee, including personal identification, dates of employment, training documentation, and registration status. These records must be available for TDCI inspection at any time.
The most common version of this violation: a company hires a new guard, puts them on a post within days, and doesn’t complete the personnel file for weeks. Sometimes months. I audited companies where the employee file consisted of a photocopy of a driver’s license and a handwritten start date on a sticky note. That is not compliance.
TDCI expects a complete file for every guard on your roster. Full legal name. Date of birth. Social Security number or equivalent identification. Date of hire. Training records with dates, topics covered, and instructor name. A copy of their TDCI guard registration card. If they’re armed, firearms qualification documentation including range scores, instructor certification, and the date of qualification.
When I walked into a company’s office for an audit, employee records were the first thing I asked to see. If you can’t produce a complete file for every active guard within a reasonable time, you have a problem.
2. Expired Guard Registrations
Every security guard working in Tennessee must hold an active registration with TDCI. Unarmed guard registrations last two years. Armed guard registrations also last two years, with the added requirement of maintaining current firearms qualification.
Letting registrations expire is one of the most common violations I encountered. It usually happens the same way: a guard’s registration expires, nobody in the company’s administrative office notices, and the guard keeps working for weeks or months without valid credentials.
This is a violation for both the individual guard and the company. Under T.C.A. Section 62-35-118, employing an unregistered security guard is a citable offense against the company’s license. The guard can face individual penalties as well.
The fix is simple. Track expiration dates. Every guard registration has a printed expiration date. Enter those dates into whatever system you use, whether that’s a spreadsheet, a calendar, or dedicated HR software. Set reminders 90 days before expiration. Start the renewal process early enough that lapses don’t occur.
I saw companies with 50, 80, 100 guards who had no systematic method for tracking registration expiration dates. They relied on individual guards to renew on time. That’s not a compliance strategy. That’s hope.
3. Inadequate Firearms Training Documentation
Armed guard registration requires firearms qualification, and T.C.A. Section 62-35-120 specifies the standards. The guard must qualify on a TDCI-approved firearms course under a certified firearms instructor. Documentation must include the date of qualification, the specific firearm used, the course of fire completed, the qualifying score, and the instructor’s name and certification number.
When I reviewed armed guard files, the firearms documentation was the section most likely to be incomplete. Common problems: no instructor certification number on the qualification form, no record of the specific firearm model and caliber, qualification scores recorded as “pass” without a numerical score, and range qualification conducted by an instructor whose own certification had expired.
Each of these is a separate citable deficiency. A company running 20 armed guards with sloppy firearms documentation could face 20 individual findings in a single audit.
The firearms qualification must also be current. TDCI requires requalification at intervals specified in the administrative rules. A guard who qualified in March 2015 and hasn’t requalified since is working on an expired qualification, regardless of whether their registration card is still technically valid.
4. Failure to Notify TDCI of Employee Terminations
This one surprises people. T.C.A. Section 62-35-126(b) requires companies to notify TDCI when a guard leaves their employment, whether through termination, resignation, or any other separation. The notification must occur within a specified timeframe.
The purpose is straightforward: TDCI needs to know where registered guards are working. If a guard is terminated for cause, stealing from a client’s property, sleeping on duty, brandishing a weapon inappropriately, TDCI’s records should reflect that the guard is no longer associated with the company that terminated them.
In practice, termination notifications were among the most neglected compliance requirements I observed. Companies would fire a guard on Monday and never submit the separation notice. That guard might apply to another security company the following week, and the new employer’s background check through TDCI would show them as still employed by the previous firm.
The Audit Process: What Actually Happens
TDCI conducts both routine and complaint-driven audits of licensed security companies. Routine audits follow a cycle; complaint-driven audits happen when someone, a client, a guard, a member of the public, files a formal complaint.
Here’s what to expect during a routine audit.
A TDCI compliance officer will contact your company, typically by phone or email, to schedule the audit. You’ll usually get a few days’ notice, sometimes a week. Don’t panic. Do prepare.
The auditor will visit your principal office, the address listed on your company license. They will ask to review employee records for a sample of your guards, typically 10 to 20 files selected at random from your roster. They’ll check each file against the requirements in T.C.A. Section 62-35-126.
They will verify that your company license is current and properly displayed. They’ll confirm that your qualifying agent, the individual whose credentials support the company license, is still actively associated with the company. They’ll review your firearms training records if you employ armed guards.
The auditor will also check your insurance. T.C.A. Section 62-35-113 requires licensed security companies to maintain general liability insurance at specified minimum coverage levels. Your certificate of insurance must be current and must name TDCI as a certificate holder.
The entire audit typically takes two to four hours, depending on the size of your operation and the state of your records. If the auditor finds deficiencies, they’ll document them in a report. You’ll receive a copy and a timeframe to correct the issues. Repeat violations or serious deficiencies can result in fines, license suspension, or revocation.
How to Prepare
Don’t wait for the audit notification to get your house in order. The companies that sail through audits are the ones that maintain compliance as an ongoing practice rather than a last-minute scramble.
Conduct a self-audit quarterly. Pull 10 random employee files and check them against the requirements. Are all fields complete? Is the guard’s registration current? Is the firearms qualification on file and within date? Is the training documentation signed and dated?
Designate a compliance officer. Even in a small company, one person should own compliance. That person tracks registration expirations, files termination notices, maintains employee records, and acts as the primary contact for TDCI. In a company with five guards, this might be the owner. In a company with fifty, it needs to be someone’s defined responsibility.
Build your filing system before you need it. Physical files, digital files, or both: pick a system and stick with it. Every guard should have a folder that contains every document TDCI might ask to see. When you hire a new guard, complete the file before they work their first shift. Not after.
Keep your insurance certificate current. This sounds obvious. I saw companies whose general liability insurance had lapsed because someone forgot to pay the premium. Operating without insurance doesn’t just violate T.C.A. Section 62-35-113; it exposes the company to catastrophic financial risk. One incident with an uninsured guard could end the business.
Maintain a termination log. Every time a guard leaves your company, record the date, the reason, and the date you submitted the TDCI notification. Keep a copy of the notification itself. This log protects you if TDCI later asks about a former employee.
The Consequences of Non-Compliance
The penalties for violations vary by severity and repetition.
First-time administrative deficiencies, like an incomplete employee file, might result in a corrective action notice with a deadline to fix the problem. No fine, no suspension, just a documented warning.
Repeated deficiencies or more serious violations can bring monetary penalties. TDCI can impose fines per violation, and when an audit turns up 15 deficient employee files, those per-violation fines compound quickly.
Serious violations, such as operating without a valid license, employing unregistered guards, or allowing unqualified individuals to carry firearms while on duty, can result in license suspension or revocation. A suspended license means you cannot operate. Your contracts are void. Your guards cannot work.
The financial impact extends beyond TDCI penalties. When a security company loses its license, even temporarily, clients have to find replacement coverage on short notice. Those clients will never come back. The reputational damage in Tennessee’s security market, where operators know each other and talk regularly, is permanent.
I watched companies that had been operating for 10 or 15 years lose their licenses over record-keeping failures that could have been prevented with a $20-a-month filing system and two hours of administrative time per week. The violations that killed those licenses weren’t dramatic. They were boring. Missing paperwork. Expired registrations. Unfiled termination notices.
Compliance isn’t exciting. Neither is keeping your license, your clients, and your business.
Do the paperwork. Keep the files. Track the dates. That’s the whole secret.