Compliance is a continuing headache for those running payroll. Better order more aspirin – compliance rigours are likely to increase.
For payroll, post-Enron and Worldcom, compliance is no longer just about navigating through the maze of fairly mundane employment legislation, but also playing its part in demonstrating transparent, squeaky clean corporate behaviour.
And post-credit crunch, the regulatory burden is only likely to increase.
“The crunch was as much a result of the failure of the regulatory framework as of banking incompetence,” says Keith Rodgers, co-founder of Webster Buchanan Research, a market intelligence company specialising in the human capital management and financial management sectors. “So everyone’s going to have to live with that.”
Mike Ellis, finance director at payroll and HR services provider ADP, also expects a rise in controls imposed on payroll. As well as ensuring its own house is in order, ADP helps its outsourcing clients remain compliant.
“Certainly with the way things have moved you do need to be obsessed with compliance,” he says. “There’s going to be more and more regulation and more focus on control.”
If you are not directly involved with payroll, you might think you can turn a blind eye to the legislative and regulatory detail. ‘Someone else will sort it’. This may be true to a degree, but no-one working in pay and reward can absolve themselves of responsibility for compliance in all its many guises.
Even if you don’t know all of the intricacies and complexities, it is important you appreciate what is being introduced and what impact it will have on HR, payroll and across the business.
So what legislation is likely to present the biggest compliance challenges to organisations over the coming months, and where do the biggest burdens lie? The sheer volume of regulation and pace of change present perhaps the biggest challenge in themselves, and there will clearly be no tailing off in terms of compliance that arises from employment legislation and regulations.
“The expanding requirements, in relation to statutory deduction, statutory payments and reporting are the main impact on employers and clients,” says Simon Parsons, director of payments, benefits and compliance strategies at HR services provider Ceridian. “This year has seen one of the largest rewrites of national insurance (NI) calculations for some considerable time. We will also see major expansion of compliance requirements in relation to in-year electronic filing.”
Parsons says those involved in reward and comp and bens must also understand the implications of ‘trendy’ tax and NI contributions savings schemes, and the ever-changing application of associated legislation.
He gives the example of the increasing application of salary sacrifice schemes and the interconnectivity with, and impact on, employment law entitlements such as maternity leave.
“Employers need to enter arrangements with their eyes open rather than being reliant on the blinkered gloss provided by flexible benefit promoters,” he says.
John Black, payroll and legislation adviser at HR services provider MidlandHR, has been in the thick of payroll legislation for more than 10 years.
A particular bugbear for him is the tendency for government departments to push through legislative changes without making any allowance for developers to incorporate changes to their software. This was the case with a “very significant change” to arrestment orders announced by the Scottish Parliament three weeks before the implementation date of 6 April.
“There’s no comeback,” he says. “You can’t just say you’re not doing it – it’s the law and you must comply.”
Detection and prevention
Significantly, the past few years have also seen a shift of emphasis to the detection and prevention of corporate fraud, and anyone working in the pay and reward sector needs to be alert to this new era of compliance.
As Nicholas Pow, business improvement manager at ADP, points out, with payroll accounting for up to 80% of corporate expenditure, any internal audit process demands that senior management have intimate knowledge of internal controls: “How do you know that no-one is defrauding the company? How do you know that you’re paying the right amount of money, and how do you know the money’s going into the right places?”
We can certainly point the finger at the US and specifically the likes of Enron for triggering some of the weightiest legislation to come to UK shores, notably the Sarbanes-Oxley (SOX) Act. Effective from 2004, it requires US public companies to meet stringent standards of accounting practice with clear audit trails. So exacting is the process that it is seen as the corporate equivalent of root canal work. Similarly, the first payroll professional to undertake a SOX audit in the UK in 2005 likened it to an ‘anatomical autopsy’.
Although SOX applies to US companies and those with US parentage, any companies they deal with must also be able to demonstrate compliance. If you’re not US-owned and don’t do business across the pond, it’s too early to start rejoicing, as the European Union will be adopting its own version of SOX soon.
Because ADP is a subsidiary of a large US multinational, SOX has had a big impact on it and on the clients it deals with, which must also comply. The starting point was to review ADP’s internal controls in detail, explains Ellis.
“There was a lot of work that went into it upfront regarding documentation,” he says. “Not that this information didn’t exist in the first place, but it becomes even more important that you spend time making sure your processes are up to date and that you are doing what you are saying. It’s really about taking a strong view as to what payroll controls you have in place to make sure you meet the requirements.”
Some US-owned UK subsidiaries, however, have found SOX a particular headache because the reporting requirements are geared around US payroll and tax legislation, says Kate Upcraft, a former policy and research manager at the Institute of Payroll Professionals, who is now an independent payroll trainer and commentator.
“As SOX is finance-driven, it isn’t always a good fit with payroll’s activities,” she says. “It can have a negative impact for some organisations and sometimes misses the point.”
Yet in many ways, the rigorous procedures required have forced organisations to enact good practices that will assist them with compliance in other areas. Pow says that SOX has had a bearing on ADP’s information security strategy, with huge amounts of work having been carried out on privacy and confidentiality of data protection.
It also forces ADP to reassess risk every year. More generally, because it requires senior level sign-off, SOX has made it compulsory for company directors to have greater understanding of their payroll operations.
Senior personnel who have to be able to drill down to the detail and ensure the checks and balances are in place will inevitably rely on up-to-date software and services that typically combine automated functions with thorough data analysis and management reporting capabilities. Rodgers believes, however, that some organisations are woefully lacking in this area, which can make compliance much harder work.
“If your payroll system is old, held together with sticky plaster and only one person in your company knows how to switch it on in the morning, it’s a fair bet you’re not going to get three-dimensional, real-time management reports with your morning coffee,” he says.
That said, Rodgers believes compliance is also a convenient angle for vendors touting software and services. “It’s a bit like taking your car in for a service, the mechanic stroking his chin, shaking his head and saying: ‘Well, your brake pads are OK and the tyres are legal, but if it was me taking my little boy out for a drive, I wouldn’t risk it.’
“Nine out of 10 people cough up on the spot,” he says. “But if you’re buying software you need to be asking tough questions. How exactly will a new system make you more compliant? Does it meet all of your obligations – or conversely, are you paying for something that is overspecced for your requirements?”
Top tips for compliance
- Establish transparent audit trails with clear personal accountability and make sure that payroll, HR and finance join forces to produce them.
- Harden your technical controls by applying improved authentication methods.
- Put systems in place to ensure policies are continually monitored and enforced.
- Make certain your payroll software is capable of real-time reporting; any time-lag offers the potential for cover-up.
- Institute mandatory training programmes for employees, particularly in heavily regulated sectors such as financial services.
A bright spot looms
While meeting the many and varied regulatory demands is never going to be a breeze, there are bright spots on the horizon.
HM Revenue & Customs (HMRC) is abandoning its penalty approach to failures and replacing it with a more educative, partnership approach, according to tax expert Kate Upcraft. Compliance checks under the new regime will involve ‘system walkthroughs’, where the payroll and HR managers will sit with HMRC personnel and explain their processes from the moment a person is recruited to their departure, to try to identify any potential weaknesses in the system that can then be rectified.
“Certainly the employers I’ve spoken to who have been involved in the early trials of the new compliance and check regime say it is much better,” she says.