Compliance Is No Longer Just Local – It's Now Global!
Michele Honomichl
October 8, 2015 – 9:00am

Speaker
Michele Honomichl, Founder, Executive Chairman & Chief Strategy Officer, Celergo Global Payroll
Agenda
- EU Data Privacy
- Safe Harbor
- Office of Foreign Assets Control (OFAC)
- Foreign Corrupt Practices Act (FCPA)
- United Kingdom (UK) Bribery Act
- The Move to Automated Compliance (E-Filing)
The Global Compliance Challenge
- Global operations = high exposure
- Payroll compliance is often treated as just a local-country problem; it is not
- Organizations need to gain control over risk and compliance processes
#PAYCON
EU Data Privacy
EU Data Privacy: The Directive
- European Union directive adopted in 1995 that regulates the processing of personal data within the European Union
- Personal data should not be processed at all, except when certain conditions are met
EU Data Privacy Principles
Based on 7 principles:
  ◦ Notice
  ◦ Purpose
  ◦ Consent
  ◦ Security
  ◦ Disclosure
  ◦ Access
  ◦ Accountability
EU Data Privacy: Global Compliance
Why is EU Data Privacy critical to global compliance?
- It applies to anyone collecting data on EU citizens
- Employers doing business in Europe need to ensure they are compliant with the EU Directive
EU Data Privacy Compliance
How to ensure EU Data Privacy compliance?
- Follow the 7 outlined principles
- Encryption is often agreed to be the best data security measure available, as it renders the data unintelligible to unauthorized parties in cases of data loss
EU Data Privacy Updates
- Requires security policies
- Policies are tested regularly
- Compliance programs are reviewed every 2 years
- Explicit consent
EU Data Privacy Penalties
- What are the current penalties? $1M EUR or up to 2% of revenue
- What are the proposed penalties? Fines of up to €100 million or 5% of annual turnover
Safe Harbor
What is Safe Harbor?
Safe Harbor is the name of a policy agreement established between the United States Department of Commerce and the European Union (EU) in November 2000 to regulate the way that U.S. companies export and handle the personal data (such as names and addresses) of European citizens.
What Are the Basic Requirements of Safe Harbor?
- Notice
- Choice
- Onward Transfer
- Access
- Security
- Data Integrity
- Enforcement
Benefits of Safe Harbor
- Eliminates the need for prior approval to begin data transfers, or provides for automatic approvals
- Flexible privacy regime
- Enforcement will be conducted in the United States rather than in Europe
How Do I Register for Safe Harbor?
- Go to www.export.gov/safeharbor
- Read the requirements
- Create an account
- Complete the documentation
- Send a check for $200
Safe Harbor Website
How Do I Comply With Safe Harbor?
- Self-certify each year
- Comply with the 7 requirements
- Ensure data is secure and accurate
- Maintain a compliance program
So What Happened?
- The High Court of Ireland referred Schrems vs. Facebook to the Court of Justice of the European Union (CJEU)
- The CJEU ruled on Tuesday October 6th that Safe Harbor is not valid
- The issue is that US companies cannot comply with EU Data Privacy because of the NSA's ability to access data on US soil
What Happens Now?
- EU privacy principles still exist
- Each country can now determine its own data privacy requirements
- Non-European businesses may be opened up to significantly more scrutiny from regulators within Europe
- Countries can choose to suspend the transfer of data to the US, forcing companies to host user data exclusively within the country
- If the Safe Harbor rules in place since 2000 are done away with, each country in the European Union could potentially set its own privacy rules and regulations
What Do We Do Next?
- Watch this space
- Review everywhere your company potentially has personal data on EU citizens – HR systems, payroll, accounting, paper
- Determine compliance regimes
Alternatives to Safe Harbor??
- Explicit consent
- Data hosting in the EU
- Encryption
- Model Contracts, Standard Contractual Clauses and Binding Corporate Rules
The Office of Foreign Assets Control (OFAC)
What is OFAC?
- Enforced by the US Dept. of the Treasury
- Based on US foreign policy and national security goals
- The Specially Designated Nationals and Blocked Persons list ("SDN List") includes:
  ◦ Foreign countries and regimes, terrorists, etc.
OFAC: Global Compliance
Why is OFAC critical to global compliance?
- Need to ensure global personnel and the foreign companies you conduct business with are not on the SDN List
- Critical if carrying out payment transactions
  ◦ Banks will run beneficiaries through OFAC
  ◦ Hit = watch list
OFAC Compliance Programs
How to ensure OFAC compliance?
- Personnel data is required:
  ◦ Legal first and last name, DOB, city of origin
- Run personnel/company against OFAC's SDN List
- In case of a "hit", take the due diligence steps outlined on the Treasury Dept. site
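The screening step above (run each employee or vendor against the SDN List, using legal name and DOB, and route any hit to due diligence) is easy to get wrong when names are compared as raw strings: "DOE, John" and "John Doe" must still match, and a DOB that differs on both sides should be visible to the reviewer. The following is an added illustration written for this page, not code from the presentation or from OFAC; it assumes a simple list-of-dicts shape for the sanctions records, and every list entry in it is a constructed placeholder, not a real SDN record. Real programs would load the current SDN data from the Treasury site and tune the match threshold to their own false-positive tolerance.

```python
"""Minimal SDN-style name screening for payroll/vendor records.

Added example (not from the presentation). The sanctions entries below
are constructed placeholders; a real program loads the live SDN List.
"""
import re
import unicodedata
from difflib import SequenceMatcher

# Constructed sample list in an SDN-like shape (name, DOB, place).
# None of these are real SDN entries.
SAMPLE_SDN_LIST = [
    {"name": "DOE, John Alexander", "dob": "1970-01-15", "place": "Exampleton"},
    {"name": "ROE, Richard", "dob": None, "place": None},
    {"name": "EXAMPLE TRADING CO.", "dob": None, "place": None},
]


def normalize(name):
    """Fold accents and case, drop punctuation, and sort the tokens so that
    'Doe, John' and 'John Doe' compare equal."""
    folded = unicodedata.normalize("NFKD", name).encode("ascii", "ignore").decode()
    tokens = re.findall(r"[a-z0-9]+", folded.lower())
    return " ".join(sorted(tokens))


def similarity(a, b):
    """Similarity ratio in [0, 1] between two normalized names."""
    return SequenceMatcher(None, normalize(a), normalize(b)).ratio()


def screen_record(record, sdn_list=SAMPLE_SDN_LIST, threshold=0.85):
    """Return the potential hits for one personnel or company record.

    A hit is a list entry whose name similarity reaches the threshold.  The
    DOB (the slide's main discriminator) is reported as match / mismatch /
    unknown so the reviewer doing due diligence can see it at a glance; a
    DOB mismatch is NOT silently discarded, because list data is often
    incomplete and that decision belongs to the human review step.
    """
    hits = []
    for entry in sdn_list:
        score = similarity(record["name"], entry["name"])
        if score < threshold:
            continue
        dob_status = "unknown"
        if record.get("dob") and entry.get("dob"):
            dob_status = "match" if record["dob"] == entry["dob"] else "mismatch"
        hits.append({"list_name": entry["name"], "score": round(score, 2), "dob": dob_status})
    return hits


def screen_batch(records, sdn_list=SAMPLE_SDN_LIST, threshold=0.85):
    """Screen a payroll/vendor batch; return {record name: hits} for the
    records that need due-diligence review, and nothing for clean ones."""
    review_queue = {}
    for record in records:
        hits = screen_record(record, sdn_list, threshold)
        if hits:
            review_queue[record["name"]] = hits
    return review_queue


if __name__ == "__main__":
    # Constructed payroll batch: two clean records, two that need review.
    batch = [
        {"name": "Jane Smith", "dob": "1990-06-30"},
        {"name": "John Alexander Doe", "dob": "1985-03-02"},
        {"name": "Example Trading Co", "dob": None},
        {"name": "Jon Doe", "dob": "1970-01-15"},
    ]
    for name, hits in screen_batch(batch).items():
        print(name, "->", hits)
```

Token sorting makes the comparison order-independent, which handles the "SURNAME, Given" layout common in sanctions data; the partial name "Jon Doe" falls below the threshold on purpose, which is the kind of near miss a program should decide about deliberately (a lower threshold, or alias fields from the list) rather than leave to chance.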
OFAC Website
OFAC Search
Bridger Results
OFAC Penalty Levels
- Take no action
- Request more information
- Issue a letter urging improved compliance
- Finding of Violation letter
- Impose a civil penalty
- Make a criminal referral
OFAC Penalties
- What are the penalties? $1000 to $250,000; more if willfully involved
- How do I reduce potential penalties? Prove a compliance program; self-report
Foreign Corrupt Practices Act (FCPA)
What is FCPA?
- Foreign Corrupt Practices Act (1977)
- Prohibits payment of bribes to foreign officials to assist in obtaining/retaining business
- Since 1998 extends to publicly traded companies, including foreign firms (directors, employees, stockholders, etc.)
- Securities and Exchange Commission (SEC) & Department of Justice (DOJ) responsible for enforcement
FCPA: Global Compliance
Why is the FCPA critical to global compliance?
- Enforcement has shown an increase in cross-border collaboration
- Applies to any act by US businesses, foreign corporations in the US, and US nationals, citizens and residents acting in furtherance of a foreign corrupt practice, whether or not they are physically present in the US
- The meaning of "foreign official" is broad
FCPA Compliance
How to ensure FCPA compliance?
- Keep books/records that accurately reflect the transactions
- Devise and maintain an adequate system of internal accounting controls
- Ensure global personnel are aware of FCPA regulations even if bribery is "commonly accepted" locally
- For questions on conduct, use the Department of Justice's Foreign Corrupt Practices Act Opinion Procedure
FCPA Website
FCPA Penalties
What are the penalties?
- In 2014, the DOJ and SEC resolved FCPA cases with 10 companies for a whopping total of $1.56 billion
- Siemens settled FCPA offenses with the DOJ and SEC in 2008 by paying $1.6 billion. The settlement is the biggest FCPA enforcement action.
United Kingdom (UK) Bribery Act
UK Bribery Act
What is the UK Bribery Act?
- "The toughest anti-corruption legislation in the world"
- The 2010 Act criminalizes bribery, being bribed, the bribery of foreign public officials, and the failure of a commercial organization to prevent bribery on its behalf
- Serious Fraud Office (SFO)
UK Bribery Act: Global Compliance
Why is the UK Bribery Act critical to global compliance?
- The Act has near-universal jurisdiction, allowing for the prosecution of an individual or company with links to the United Kingdom, regardless of where the crime occurred
- Failure of a commercial organization to prevent bribery is an offence
UK Bribery Act Compliance
How to ensure UK Bribery Act compliance?
- Certify the identification of the directors of any company you do business with:
  ◦ Certified copy of photo ID
  ◦ Certified copy of proof of home address
- Ensure global personnel are aware of UK Bribery Act regulations even if bribery is "commonly accepted" locally
UK Bribery Act Penalties
What are the penalties?
- A maximum of 10 years' imprisonment, along with an unlimited fine, the potential for confiscation of property, and the disqualification of directors
FCPA vs UK Bribery Act
- The FCPA applies only to the corruption of foreign officials; the UK Bribery Act catches bribes offered or given to any person
- It is an offence under the UK Bribery Act to request, agree to receive, or accept a bribe, whereas the FCPA applies only to persons giving or offering a bribe and not to those accepting one
The Move to Automated Compliance (E-Filing)
The Move to Automated Compliance
Why?
- Local governments are looking to streamline tax reporting/filing
  ◦ Centralize & standardize
- Growing need for real-time information
- Reduce red tape
- Reduce manual processes
Where is this happening?
- United Kingdom – Real Time Information (RTI)
- France – Déclaration Sociale Nominative (DSN)
- Brazil – eSocial
- Australia – SuperStream
UK RTI
- Real Time Information required by October 2013
- Provide data directly to HMRC after each payroll run rather than at the end of the year
- Companies will no longer need to submit P14, P35, P38A or P45 forms to HMRC
- Companies will still need to submit P60, P9D and P11D forms
France DSN
- Déclaration Sociale Nominative (DSN) will replace and automate the manner in which all social declarations are filed:
  ◦ a. Employee hires (fixed term: must provide the end date of the contract)
  ◦ b. Medical leave (send within 3 days after leave to record sickness, maternity and paternity)
  ◦ c. Leaving of an employee (send within 3 workdays before the leave date)
  ◦ d. Monthly changes (provide bonuses/premiums with dates of execution)
  ◦ e. Other impacts:
     i. Employees on parental/sabbatical leave need a pay slip
- Required by January 2016
Brazil – eSocial
- The goal of eSocial is to gradually replace obligations like CAGED, RAIS, SEFIP and GFIP (labor and social security withholding forms)
  ◦ Streamlines data sent to the government regarding payroll, labor, social security and tax obligations, and other information
  ◦ Ensures social security and labor rights are guaranteed for workers
  ◦ Simplifies compliance with obligations
  ◦ Improves the quality of information sent
- Employer obligations are not changing; they are just being submitted in a standard, consolidated, automated format
- Completed by September 2016
Australia SuperStream
- Automation of superannuation payments by employers
- Employee must provide details of his or her selected pension program
- Standard interface for all programs
- All companies must comply by June 30, 2016
What does it mean?
What does this mean for employers?
- Investment in required software if in-house
- Stringent deadlines
- Revisions to payroll/filings almost impossible
- Adherence to new protocols
Conclusion
- Global compliance is often overlooked if operations are compliant locally; it can't be
- Companies with US and global operations need to implement protocols with regard to OFAC, FCPA and any applicable local regulations
Thank you and please remember to complete your evaluation for this session.