Understanding the Risks of Non-Compliance in Global Payroll
Jan 9, 2020 | Topic: Compliance
When it comes to successful global payroll delivery today, the primary concerns of payroll leaders within multinational organizations extend beyond accuracy and timeliness. The moving target that is statutory compliance at local and regional levels is just as important and is playing a significant role in shaping the future of payroll processing.
Developing an adaptable strategy is essential for global companies to manage compliance with data protection and reporting requirements. And key to such a proactive approach is understanding the primary risks to compliance, so organizations can address changes and issues as they arise. Here, we’ll look at the main risks to compliance and what they mean for companies looking to outsource global payroll.
Changes in Law
Since its implementation in May 2018, the European Union’s General Data Protection Regulation (GDPR) has raised the bar for data security requirements of organizations within the EU and around the world. Importantly, GDPR sought to manage data protection even when that data crosses international borders, as companies try to achieve continuity of service and access across geographies.
However, the EU is not alone in defining new and widespread legislative requirements, as the BRIC countries (Brazil, Russia, India, and the People’s Republic of China) have all debated how to control the flow and hosting of data for their citizens. Brazil’s major data legislation, LGPD (Lei Geral de Proteção de Dados Pessoais), comes into effect in 2020, and in India, lawmakers are expected to debate new legislation in the third quarter of 2020. In the United States, state-level legislation has increased protection in many jurisdictions, such as through the California Consumer Privacy Act (CCPA) and the Strengthen North Carolina Identity Theft Protection Act.
It’s expected that new legislation will continue to be introduced at regional, country, and state levels around the world, and existing laws will continue to be adapted as they are tested. One requirement shared by these laws is that employers stay abreast of the changes and remain compliant in the management and processing of employee data, including for payroll.
Changes in Technology
The move away from traditional, physical rack-space data hosting in favor of scalable cloud-based solutions is a welcome change. Beyond allowing for easier, more timely data management, cloud storage enables better security options and is more adaptable to ongoing and future technology changes.
However, because this shift to the cloud means a significant structural change for more established companies, it can present some challenges. For example, accurate data mapping can be more difficult as enterprises transition their networks away from physical data centers.
IT leaders need to work closely with compliance managers, as well as payroll and HR teams, to ensure that data and workflows remain protected as systems are modernized. Knowing precisely where employee data is stored and how it is transmitted becomes paramount should a data owner exercise their rights or an organization suffer a data breach.
Changes in External Threats
While the most publicized breaches focus on consumer data, employee information remains a highly vulnerable asset for many companies. Particularly as employers manage regular financial transactions for their workforces, external actors look to expose and take advantage of weak controls over employee data to attack organizations, such as through impersonation fraud to divert funds.
A range of tactics enable such targeted attacks on employee data, from subverting financial transactions to capture personal employee details to impersonating internal accounts through spear-phishing attacks. As these tactics grow in sophistication, they will pose a bigger threat to employers and exploit the vulnerabilities in outmoded systems, potentially putting a larger target on the companies that use them.
How Vendors Can Help
For organizations considering the benefits and impact of outsourcing global payroll processing, it’s important to make data protection requirements a key discussion topic with any prospective vendors. Global providers with proper procedures and controls in place will be able to demonstrate their compliance record, from the transfer of activities through the ongoing delivery of compliant payroll services.
A key benefit of partnering with an experienced global provider is that organizations can leverage the provider’s expertise and experience, particularly in countries new to the company or those that present unique challenges. The right provider will also produce subject-matter experts to discuss any particular areas of concern.
Various payroll providers offer the ability to integrate key systems, such as a global HCM, with their payroll solution, although integration capabilities can vary significantly by vendor. Integration can offer additional protection and, as such, is an important consideration for any payroll transformation project. Suitable vendors will be able to demonstrate accredited integration capability for the organization’s chosen HR or finance system, as well as a robust internal control environment detailing how they will receive, process, and retain employee data.
In general, it’s important to recognize how much has changed just in the past few years when it comes to data protection and legislative compliance. The fact that such change is likely to continue brings both advantages and challenges, but one thing remains clear: companies that commit resources to evolving an adaptable, cloud-based data network for business information will be in a better position to navigate changes as they come.