Michele Honomichl October 8, 2015 9:00am - California...

Date post: 17-Nov-2018

Michele Honomichl

October 8, 2015 – 9:00am

Michele Honomichl Founder, Executive Chairman & Chief Strategy Officer Celergo Global Payroll

EU Data Privacy

Safe Harbor

Office of Foreign Assets Control (OFAC)

Foreign Corrupt Practices Act (FCPA)

United Kingdom (UK) Bribery Act

The Move to Automated Compliance (E-Filing)

#PAYCON

European Union directive adopted in 1995 which regulates the processing of personal data within the European Union.

Personal data should not be processed at all, except when certain conditions are met.

Why is EU Data Privacy Critical to Global Compliance?

It applies to anyone collecting data on EU Citizens.

Employers doing business in Europe need to ensure they are compliant with the EU Directive.

How to Ensure EU Data Privacy Compliance?

Follow the 7 Outlined Principles.

Encryption is often agreed to be the best data security measure available as it renders the data unintelligible to unauthorized parties in cases of data loss.

What are the current penalties?

$1M EUR or up to 2% of revenue

What are the proposed penalties?

Fines of up to €100 million or 5% annual turnover

Safe Harbor is the name of a policy agreement established between the United States Department of Commerce and the European Union (E.U.) in November 2000 to regulate the way that U.S. companies export and handle the personal data (such as names and addresses) of European citizens.

Notice

Choice

Onward Transfer

Access

Security

Data Integrity

Enforcement

Eliminates the need for prior approval to begin data transfers or provides for automatic approvals

Flexible privacy regime

Enforcement will be conducted in the United States vs Europe

Go to www.export.gov/safeharbor

Read the requirements

Create an account

Complete the documentation

Send a check for $200

Self-certify each year

Comply with the 7 requirements

Ensure data is secure and accurate

Maintain a compliance program

High Court of Ireland sent Schrems vs. Facebook to the Court of Justice of the European Union (CJEC)

The CJEC ruled on Tuesday October 6th that Safe Harbor is not valid

Issue is that US Companies cannot comply with EU Data Privacy due to the nature of the NSA’s ability to access data on US soil

EU Privacy Principles still Exist

Each Country Can Now Determine Its Own Data Privacy Requirements

Non-European businesses may be opened up to significantly more scrutiny from regulators within Europe.

Countries can choose to suspend the transfer of data to the US — forcing companies to host user data exclusively within the country.

If the Safe Harbor rules in place since 2000 are done away with, each country in the European Union could potentially set its own privacy rules and regulations

Watch this space

Review everywhere your company potentially has Personal Data on EU citizens – HR Systems, Payroll, Accounting, Paper

Determine compliance regimes

Explicit Consent

Data Hosting in the EU

Encryption

Model Contracts, Standard Contractual Clauses and Binding Corporate Rules

Enforced by US Dept. of the Treasury

Based on US foreign policy and national security goals

Specially Designated Nationals and Blocked Persons list ("SDN List") includes:

◦ Foreign countries and regimes, Terrorists…etc.

Why is OFAC Critical to Global Compliance?

Need to ensure global personnel and foreign companies you conduct business with are not on the SDN List

Critical if carrying out payment transactions

◦ Banks will run Beneficiaries through OFAC

◦ Hit = Watch List

How to Ensure OFAC Compliance?

Personnel Data is Required:

◦ Legal First and Last Name, DOB, City of Origin

Run Personnel/Company against OFAC’s SDN List

In case of a “Hit”, need to take due diligence steps as outlined on the Treasury Dept. site

Take no action

Request more information

Issue Letter urging improved compliance

Finding of Violation letter

Impose civil penalty

Making a criminal referral

What are the penalties?

$1000 to $250,000

More if willfully involved

How do I reduce potential penalties?

Prove compliance program

Self report

Foreign Corrupt Practices Act (1977)

Prohibits payment of bribes to foreign officials to assist in obtaining/retaining business

Since 1998 extends to publicly traded companies including foreign firms (directors, employees, stockholders…)

Securities and Exchange Commission (SEC) & Department of Justice (DOJ) responsible for enforcement

Why is the FCPA Critical to Global Compliance?

Enforcement has shown increase in cross-border collaboration

Applies to any act by US businesses, foreign corp. in the US, US nationals, citizens, and residents acting in furtherance of a foreign corrupt practice whether or not they are physically present in the US

Meaning of “foreign official” is broad

How to Ensure FCPA Compliance?

Keep books/records that accurately reflect the transactions

Devise and maintain an adequate system of internal accounting controls

Ensure global personnel are aware of FCPA regulations even if bribery is “commonly accepted” locally

For questions on conduct, use the Department of Justice’s Foreign Corrupt Practices Act Opinion Procedure

What are the Penalties?

In 2014, the DOJ and SEC resolved FCPA cases with 10 companies for a whopping total of $1.56 Billion.

Siemens settled FCPA offenses with the DOJ and SEC in 2008 by paying $1.6 billion. The settlement is the biggest FCPA enforcement action.

What is the UK Bribery Act?

“The toughest anti-corruption legislation in the world”

2010 Act criminalizes bribery, being bribed, the bribery of foreign public officials, and the failure of a commercial organization to prevent bribery on its behalf

Serious Fraud Office (SFO)

Why is the UK Bribery Act critical to Global Compliance?

The Act has a near-universal jurisdiction, allowing for the prosecution of an individual or company with links to the United Kingdom, regardless of where the crime occurred.

Failure of a commercial organization to prevent bribery is an offence

How to Ensure UK Bribery Act Compliance?

Certify the identification of the Directors of any company doing business with:

◦ Certified copy of photo ID

◦ Certified copy of proof of home address

Ensure global personnel are aware of UK Bribery regulations even if bribery is “commonly accepted” locally.

What are the Penalties?

A maximum of 10 years' imprisonment, along with an unlimited fine, and the potential for the confiscation of property, as well as the disqualification of directors

The FCPA applies only to the corruption of foreign officials; the UK Bribery Act catches bribes offered or given to any person.

It is an offence under the UK Bribery Act to request, to agree to receive, or to accept a bribe, whereas the FCPA only applies to persons giving or offering a bribe and not to those accepting one.

Why?

Local Governments are looking to streamline Tax Reporting/Filing

◦ Centralize & Standardize

Growing need for real time information

Reduce red tape

Reduce manual processes

Real Time Information

Required by October 2013

Provide data directly to HMRC after each payroll run versus at the end of the year

Companies will no longer need to submit P14, P35, P38A or P45 forms to HMRC

Companies will still need to submit P60, P9D and P11D forms

Déclaration Sociale Nominative

DSN will replace and automate the manner in which all Social Declarations are filed

◦ a. Employee Hires: (Fixed term, must provide end date of contract)

◦ b. Medical Leave: (Send within 3 days after leave to record for sickness, maternity, and paternity.)

◦ c. Leaving of an Employee: (Send within 3 workdays before the leave date)

◦ d. Monthly Changes: (Provide bonuses/premiums with dates of execution)

◦ ie. Other Impacts: i. Employees on parental/sabbatical leave need a pay slip

Required by January 2016

Goal of eSocial is to gradually replace obligations like CAGED, RAIS, SEFIP and GFIP (labor and social security withholding forms)

◦ Streamlines data sent to the government regarding payroll, labor, social security and tax obligations, and other information

◦ Ensures social security and labor rights are guaranteed for workers

◦ Simplifies compliance with obligations

◦ Improves the quality of information sent

Employer obligations are not changing, they are just being submitted in a standard, consolidated, automated format

Completed by September 2016

Automation of Superannuation payments by employers

Employee must provide details of his or her selected pension program

Standard interface for all programs

All companies must comply by June 30, 2016

What does this mean for Employers?

Investment into required software if in-house

Stringent Deadlines

Revisions to payroll/filings almost impossible

Adherence to new protocols

Global Compliance is often overlooked if operations locally are compliant; it can’t be.

Companies with US and Global Operations need to implement protocols with regard to OFAC, FCPA and any applicable local regulations.

Thank you and please remember to complete your evaluation for this session.

