HCM Compliance in 3D
Compliance is “the act or process of doing what you have been asked or ordered to do.” In your global payroll arena, it means conforming to the governing laws, regulations, and guidelines—or facing legal action including financial penalties. But what does that really mean in the global context of HCM? How does one navigate the complex and ever-changing landscape of requirements within a country or across regions of the world? How does an organization make sense of what to comply with in the first place?
The first step is to understand the compliance landscape for your organization. Given the myriad laws and policies that can apply to your organization, it is helpful to have a framework to illuminate your circumstances. Compliance at its most basic level can be broken down and viewed across three risk dimensions:
- Business activities
By understanding where your company fits within each risk dimension, you can build a clear picture of the compliance activities required of your company and work toward successful compliance management. To start, you must first understand your organization’s business activities.
Compliance Dimension No. 1: Business Activity Risk
Your organization’s business activities and employee classification strategy directly affect its compliance landscape. HCM-related activities include standard processes such as recruiting, hiring, payroll, compensation and performance management, time and attendance tracking, and off-boarding and termination, to name a few. Your company may also engage in more complex processes, such as expatriate employment, or obtaining cross-border work visas, further enhancing its risk landscape. It is necessary to view the business activities being performed in each country and call out any unique processes that are geography-specific.
Additionally, companies often employ multiple classifications of workers simultaneously, including full-time, salaried employees, contractors, or temporary workers. Given the varying rules that apply to different classes of workers, understanding the compliance requirements applicable to each class at a country level is imperative.
One way to ensure you create an exhaustive list of business activities is to review it with seasoned personnel in recruiting, HR, payroll, finance, and operations in each of your locations. Ultimately you will need to determine the rules that apply to those activities in each of your locations. To accomplish this task, you will next need to determine exactly where your company operates.
Compliance Dimension No. 2: Jurisdictional Risk
Increasingly, companies are expanding globally and leveraging technology to build virtual workforces. Each new hire presents a potential new operating location for your company, introducing further complexity to your compliance landscape. Each of these locations belongs to a jurisdiction. This is a geographically defined unit with the power to make certain legal decisions within its boundaries. Jurisdictions range from regions such as the European Union to countries, states, or provinces, cities, and townships. Just as an American company is subject to federal, state, and local laws, your locations abroad may be subject to laws in overlapping jurisdictions. You will need to answer several key questions to understand which jurisdictions your company operates in:
- Where does your workforce live?
- Where do they work? If they travel frequently for work, where are they traveling?
- How many people live and work in each location?
A centralized HCM system with flexible reporting capabilities can quickly clarify these questions. The results may appear daunting at first depending on the geographic dispersal of your workforce. Where should you prioritize?
“Start with the locations with the most employees and the locations where employees perform key business functions or perform activities in industries that are highly regulated,” recommends Lisa Clapes, Vice President, Corporate Counsel, Compliance & Privacy, Ceridian. “Given that your company’s two biggest human assets are your customers and your employees, you’ll want to prioritize those locations that pose the largest business risk first.”
Compliance Dimension No. 3: Rule-Based Risk
HCM rules can be grouped into several categories: laws and regulations, contracts or agreements, and company policies. HCM-related laws and regulations vary by country and often by state, province, or city. Similarly, contracts, union agreements, or collective bargaining agreements often vary by location around the world. Company policies can take the form of unique corporate rules that enhance your workforce culture or industry standard policies your company has adopted.
With so many laws, contracts, and policies that apply across your workforce, the next step is to build your company’s compliance landscape.
Building Your HCM Compliance Landscape
You can think of the second two dimensions—jurisdictions and rules—as lenses through which to filter specific business processes. For example, start with a business activity, such as hiring, and then choose a jurisdiction where the activity is performed. Finally, review the rules that apply—starting with laws and regulations, followed by contracts or employment agreements, and corporate policies. The results can be distilled into a set of compliance requirements that can be communicated to the business and monitored.
For example, suppose you choose to map two business activities, one related to payroll and the other to scheduling. The first activity involves compensation and withholding for expatriate employees in Africa. Your compliance team informs you that some countries such as Ghana and Guinea require employees located there to continue contributing to their home country social security and withholding tax systems. Additionally, your compliance team at home tells you that U.S. employees looking to transfer abroad face conflicts involving double taxation in their home and transfer countries and may also become ineligible to contribute to 401(k) and other uniquely U.S. employee benefit plans.
Your next task involves scheduling a large population of employees in a manufacturing plant in Europe. Company counsel in Europe says you will need to accommodate for differences in work schedules such as a shortened workweek for non-managerial employees, restrictions on the length of a workday and week, more generous vacation and paid leave requirements than those standard in the United States, and health and safety regulations that impose additional break allowances.
Now that you’ve assembled a compliance landscape for your selected business activities, you will need to develop a set of compliance requirements for workers in the affected U.S., African, and European locations. At a minimum, the requirements should describe each business activity separately and list all rules applicable to that activity, using interpretation from counsel as necessary. Although this process can sometimes prove challenging and complex, recognizing that each jurisdiction is different and may require a fresh approach is important and will help you avoid the pitfalls associated with a “one-size-fits-all” approach to compliance management.
When your set of compliance requirements is complete, develop an implementation plan that identifies the business units, processes, and software used to execute the business activities and determine how best to apply the requirements to them. The processes you develop as a result of this work should include a plan to communicate to—and train—affected personnel, monitor any changes to the rules or business activities, respond to violations, and establish a regular review period (annually is recommended by most compliance experts).
Ideally, any new requirements should piggyback on existing processes to minimize impact and ensure adoption. Most importantly, you should identify who is responsible for each aspect of compliance management—a topic we will discuss in the next article. Successful compliance management starts with a detailed understanding of your company’s three compliance dimensions: business activities, jurisdictions, and rules.