Breaking Down Payroll Compliance
In the payroll world, compliance is of utmost importance. Payroll is highly regulated and as an employer, you need to make sure that you pay 100% of your employees, 100% accurately, 100% of the time. Mistakes can be very costly and lead to major headaches. Not surprisingly, payroll compliance ranks very high as a key concern for most payroll managers. And there is much discussion in the payroll industry about what can be done to further strengthen payroll compliance. Now before we go off defining solutions for stronger payroll compliance, it is important to peel back the buzzword “payroll compliance” and to further dissect the different dimensions of payroll compliance.
Fundamentally, payroll compliance can be broken down into 3 different dimensions or layers:
1. Compliance with tax and social security obligations:
This first layer is typically the immediate layer that people think about when they talk about payroll compliance. It deals with the rules and regulations that are being imposed on organizations by the regulators, typically through local tax, social security and labour legislation. This layer breaks down into two further sub-layers:
- Did you interpret the local tax and social security laws and practices correctly in how the payroll was processed?
- Did you file all the statutory reports and submissions to local tax and social security authorities on time and correctly?
This part is inherently local and requires deep local tax and labour law expertise. Since regulations are constantly changing in the local environment, with new laws being introduced every year in the local legislation and new rulings being instituted through local courts, it is critical to “have the ear to the ground” in order to stay current.
As a payroll manager looking for external payroll services, it is important to understand that this is an area where many of the traditional payroll service providers/bureaus fall short of keeping you actually compliant. They will simply crunch the inputs that you give them, without questioning those inputs or advising you on how you need to treat certain employee situations. One of our clients refers to this model as the "payroll typist" model, i.e. the provider simply takes what you give them and enters it into their payroll system. The risk is obvious: garbage in, garbage out. Let’s say you misclassified an employee and asked the payroll provider to process their payroll: you will get the wrong values for that employee, which can catch up with you later when the tax authorities conduct an audit.
If compliance is important to you and you look for external partners to provide you with tax and compliance advice, make sure you select your local provider carefully, and don’t be blinded by big brand names or glossy sales brochures. While some of the big international vendors might tell you that they have built up a global compliance practice, you should challenge them on whether they will really give you advice and guidance about the required treatment of different employment scenarios. Give them some specific employee situations and see what advice they give you on how to handle them.
In terms of tracking your compliance posture regarding statutory submissions (i.e. the second question above), it can be very challenging when you are managing a large multinational organization just to have visibility into whether you have actually submitted all the required local filings. For this purpose, you should have a central Compliance Tracker tool that allows you to capture and archive all the local statutory filings that you or your local partners have submitted.
2. Compliance with company procedures and business practices:
While the first layer of compliance dealt with externally imposed rules and regulations, this second layer is focused on internal controls and governance. Being responsible for the efficient and compliant execution of global payrolls, you want to know: does everyone in the organization follow the established policies and best practices when it comes to "getting the job done", i.e. executing the payroll process in the local environment? For example, are proper data validations in place to highlight potential payroll discrepancies and issues in the local payroll operations? Are the correct review and approval steps being followed to ensure the proper checks and balances are in place?
We find that in many organizations there is a real lack of visibility and understanding of what actually happens in the local payroll execution. Each country acts on its own and follows different rules and procedures. Often, those local rules and procedures are poorly documented. When you ask for local workflows and process maps, you get a lot of handwaving or hard-to-understand scribbles. In such an environment, it becomes virtually impossible to ensure that local payroll operations are managed to the highest standards, apply operational best practices and do not leave the company exposed to undue risks.
At the very least, you should have your local processes mapped and documented. Better yet, you should streamline your local processes and capture them in a digital workflow tool that helps to manage the tasks and activities of all stakeholders in a central, transparent manner. By doing so, you ensure that everyone (internal team members as well as external partners) follows agreed procedures, and you create a 100% audit trail of what has been done (or has not been done), which helps to track and enforce procedures.
3. Compliance with data privacy and security protocols:
Payroll inherently deals with lots of very sensitive information: employee salaries, benefits, bank information etc. need to be exchanged between various stakeholders, internal and external, during the payroll process. Since the introduction of GDPR in 2018, a lot more scrutiny is required on how sensitive employee information is being handled and protected. Operating procedures that were considered to be adequate in the past (e.g. exchange of sensitive information via emails) are no longer sufficient. Unfortunately, we find that almost three years after the introduction of GDPR, sensitive data is all too often still being spread all over the place via emails and share drives, especially in smaller countries with less sophisticated processes and tools. As a good practice, you should start by moving away from email and share drives as a mechanism for exchanging sensitive information. Instead, you should adopt a strong collaboration and communication environment that has built-in data protection controls (e.g. multi-factor authentication, full data encryption, closed group communication, etc.) and that allows you to granularly manage access to employee information for internal and external stakeholders on a need-to-know basis.
If you would like to learn more about how to improve your payroll compliance, please contact our team or sign up for a free demo to learn about how Payzaar’s state-of-the-art global payroll management solution can help you and your organization.