Date posted: 17-Nov-2018
EU Data Privacy
Safe Harbor
Office of Foreign Assets Control (OFAC)
Foreign Corrupt Practices Act (FCPA)
United Kingdom (UK) Bribery Act
The Move to Automated Compliance (E-Filing)
Global Operations = High Exposure
Payroll compliance is often treated as just a local country problem; it is not
Organizations need to gain control over risk and compliance processes
European Union directive adopted in 1995 which regulates the processing of personal data within the European Union.
Personal data should not be processed at all, except when certain conditions are met.
Based on 7 Principles:
◦ Notice
◦ Purpose
◦ Consent
◦ Security
◦ Disclosure
◦ Access
◦ Accountability
Why is EU Data Privacy Critical to Global Compliance?
It applies to anyone collecting data on EU Citizens.
Employers doing business in Europe need to ensure they are compliant with the EU Directive.
How to Ensure EU Data Privacy Compliance?
Follow the 7 Outlined Principles.
Encryption is widely regarded as the strongest available data security measure because it renders the data unintelligible to unauthorized parties if the data is lost.
Requires security policies
Policies are tested regularly
Compliance programs are reviewed every 2 years
Explicit consent
What are the current penalties?
€1M or up to 2% of revenue
What are the proposed penalties?
Fines of up to €100 million or 5% annual turnover
Safe Harbor is the name of a policy agreement established between the United States Department of Commerce and the European Union (E.U.) in November 2000 to regulate the way that U.S. companies export and handle the personal data (such as names and addresses) of European citizens.
Eliminates the need for prior approval to begin data transfers or provides for automatic approvals
Flexible privacy regime
Enforcement is conducted in the United States rather than in Europe
Go to www.export.gov/safeharbor
Read the requirements
Create an account
Complete the documentation
Send a check for $200
Self-certify each year
Comply with the 7 requirements
Ensure data is secure and accurate
Maintain a compliance program
High Court of Ireland sent Schrems vs. Facebook to the Court of Justice of the European Union (CJEC)
The CJEC ruled on Tuesday October 6th that Safe Harbor is not valid
The issue is that US companies cannot comply with EU data privacy requirements because of the NSA's ability to access data held on US soil
EU Privacy Principles still Exist
Each Country Can Now Determine Its Own Data Privacy Requirements
Non-European businesses may be opened up to significantly more scrutiny from regulators within Europe.
Countries can choose to suspend the transfer of data to the US — forcing companies to host user data exclusively within the country.
If the Safe Harbor rules in place since 2000 are done away with, each country in the European Union could potentially set its own privacy rules and regulations
Watch this space
Review everywhere your company potentially has Personal Data on EU citizens – HR Systems, Payroll, Accounting, Paper
Determine compliance regimes
Explicit Consent
Data Hosting in the EU
Encryption
Model Contracts, Standard Contractual Clauses and Binding Corporate Rules
Enforced by US Dept. of the Treasury
Based on US foreign policy and national security goals
Specially Designated Nationals and Blocked Persons list ("SDN List") includes:
◦ Foreign countries and regimes, terrorists, etc.
Why is OFAC Critical to Global Compliance?
Need to ensure global personnel and the foreign companies you conduct business with are not on the SDN List
Critical if carrying out payment transactions
◦ Banks will run beneficiaries through OFAC
◦ Hit = watch list
How to Ensure OFAC Compliance?
Personnel data is required:
◦ Legal first and last name, DOB, city of origin
Run Personnel/Company against OFAC’s SDN List
In case of a "hit", take the due diligence steps outlined on the Treasury Dept. site. OFAC's possible enforcement responses are:
Take no action
Request more information
Issue Letter urging improved compliance
Finding of Violation letter
Impose civil penalty
Making a criminal referral
What are the penalties?
$1,000 to $250,000
More if willfully involved
How do I reduce potential penalties?
Prove compliance program
Self report
Foreign Corrupt Practices Act (1977)
Prohibits payment of bribes to foreign officials to assist in obtaining/retaining business
Since 1998 extends to publicly traded companies including foreign firms (directors, employees, stockholders…)
Securities and Exchange Commission (SEC) & Department of Justice (DOJ) responsible for enforcement
Why is the FCPA Critical to Global Compliance?
Enforcement has shown increase in cross-border collaboration
Applies to any act by US businesses, foreign corporations in the US, and US nationals, citizens and residents acting in furtherance of a foreign corrupt practice, whether or not they are physically present in the US
Meaning of “foreign official” is broad
How to Ensure FCPA Compliance?
Keep books/records that accurately reflect the transactions
Devise and maintain an adequate system of internal accounting controls
Ensure global personnel are aware of FCPA regulations even if bribery is "commonly accepted" locally
For questions on conduct, use the Department of Justice's Foreign Corrupt Practices Act Opinion Procedure
What are the Penalties?
In 2014, the DOJ and SEC resolved FCPA cases with 10 companies for a whopping total of $1.56 Billion.
Siemens settled FCPA offenses with the DOJ and SEC in 2008 by paying $1.6 billion. The settlement is the biggest FCPA enforcement action.
What is the UK Bribery Act?
“The toughest anti-corruption legislation in the world”
2010 Act criminalizes bribery, being bribed, the bribery of foreign public officials, and the failure of a commercial organization to prevent bribery on its behalf
Enforced by the Serious Fraud Office (SFO)
Why is the UK Bribery Act critical to Global Compliance?
The Act has a near-universal jurisdiction, allowing for the prosecution of an individual or company with links to the United Kingdom, regardless of where the crime occurred.
Failure of a commercial organization to prevent bribery is an offence
How to Ensure UK Bribery Act Compliance?
Certify the identification of the directors of any company you do business with:
◦ Certified copy of photo ID
◦ Certified copy of proof of home address
Ensure global personnel are aware of UK Bribery Act regulations even if bribery is "commonly accepted" locally.
What are the Penalties?
A maximum of 10 years' imprisonment, along with an unlimited fine, and the potential for the confiscation of property, as well as the disqualification of directors
The FCPA applies only to the corruption of foreign officials, whereas the UK Bribery Act catches bribes offered or given to any person.
It is an offence under the UK Bribery Act to request, to agree to receive, or to accept a bribe, whereas the FCPA applies only to persons giving or offering a bribe, not to those accepting one.
Why?
Local governments are looking to streamline tax reporting/filing
◦ Centralize & standardize
Growing need for real time information
Reduce red tape
Reduce manual processes
United Kingdom – Real Time Information (RTI)
France – Déclaration Sociale Nominative (DSN)
Brazil – eSocial
Australia – SuperStream
Real Time Information
Required by October 2013
Provide data directly to HMRC after each payroll run rather than at the end of the year
Companies no longer need to submit P14, P35, P38A or P45 forms to HMRC
Companies still need to submit P60, P9D and P11D forms
Déclaration Sociale Nominative
DSN will replace and automate the manner in which all social declarations are filed:
◦ a. Employee hires (fixed term: must provide end date of contract)
◦ b. Medical leave (send within 3 days after leave to record sickness, maternity and paternity)
◦ c. Leaving of an employee (send within 3 workdays before the leave date)
◦ d. Monthly changes (provide bonuses/premiums with dates of execution)
◦ e. Other impacts: i. Employees on parental/sabbatical leave need a pay slip
Required by January 2016
Goal of eSocial is to gradually replace obligations like CAGED, RAIS, SEFIP and GFIP (labor and social security withholding forms)
◦ Streamlines data sent to the government regarding payroll, labor, social security and tax obligations, and other information
◦ Ensures social security and labor rights are guaranteed for workers
◦ Simplifies compliance with obligations
◦ Improves the quality of information sent
Employer obligations are not changing; they are just being submitted in a standard, consolidated, automated format
Completed by September 2016
Automation of Superannuation payments by employers
Employee must provide details of his or her selected pension program
Standard interface for all programs
All companies must comply by June 30, 2016
What does this mean for Employers?
Investment into required software if in-house
Stringent Deadlines
Revisions to payroll/filings almost impossible
Adherence to new protocols
Global compliance is often overlooked when local operations are compliant; it can't be.
Companies with US and Global Operations need to implement protocols with regards to OFAC, FCPA and any applicable local regulations.