HR Post Sarbanes-Oxley

Help is on the way: A quick guide to compliance through HRO.

by William B. Bierce

Your HR departments legal compliance burden is heavy and growing, but as Senator Kerrys campaign speech notes, Help is on the way. Who would have thought that an opponent of outsourcing could define a compelling mantra justifying HRO?

In this issue, the editors have assembled a directory of HRO resources. As a companion to that resource directory, this months column focuses on the legal framework for enterprise customers and their service providers in managing legal compliance.

HRO resources can support your fiduciary and compliance obligations. However, you cannot transfer your basic fiduciary duty as a director or officer, your liability for non-compliance with legal mandates governing the relationship between an employer and an employee (or retiree), your duty to design and manage all essential business processes, or your criminal liability for your intentional acts that constitute white-collar crime. Fiduciary duties arise under corporation laws, tax collection laws, retirement benefit administration laws, and under special written agreements.

Contractual Duty. Normally, a contract to perform services does not automatically create a fiduciary duty. But by agreeing to perform certain functions, the service provider could be subject by statute to a degree of liability and to the same protective measures that are normally associated with being a fiduciary.

Fiduciary Duty Within Scope of HRO. Service providers and customers need a common understanding of the borders between the providers services and the customers liability. This allocation of liability starts with the definition of the scope of outsourced services. Certain functions will automatically create statutory liability for the service provider. For example, handling a clients money may make an HR service provider liable for statutory compliance, whether or not that obligation is assumed by contract.

Under ERISA, HR service providers will be treated as fiduciaries and subject to the bonding requirement if they disburse (or authorize disbursement of) plan funds, sign checks for the plan, handle cash or property of the plan, or act on behalf of the plan in its financial matters. Similarly, if anyone authorized to pay payrolls fails to withhold and pay required state and federal withholding tax, they will be subject to applicable statutory penalties under the tax laws. To avoid fiduciary duty, some HRO providers choose a limited scope of services, where they do not handle a clients money and do not agree to withhold and pay taxes. As a customer, you can still contract to have them provide essential administrative support; alternatively, you can shop for a provider that assumes specific roles and liabilities.

Process Management. Sarbanes-Oxley requires transparency in virtually all material business processes. The outsourcing provider is expected to hew to the same standards of transparency, process control, and auditability. Where the service provider brings superior process management, this will facilitate the customers fulfillment of its legal compliance obligations. Where neither the customer nor the provider is in compliance, the providers contract could give the customer an added deep pocket for recourse incase of liability.

Outsourcers are regularly audited regarding the design and operational effectiveness of the processes, procedures, and general controls of their operations. In HRO, such audits might include computer operations, security, monitoring, change management, service level agreements, help desk support, and records management.

Records Management. Sarbanes-Oxley requires that publicly-owned companies maintain and manage the integrity of their business records. The federal obstruction-of-justice statute now makes it a crime to knowingly alter, destroy, mutilate, conceal, or falsify any document or tangible object with the intent to impede, obstruct, or influence proceedings involving federal agencies or bankruptcy proceedings. HRO providers need to identify how they will support compliance, particularly in light of new white-collar criminal penalties. Since Sarbanes-Oxley was born out of a public perception of lax ethical standards by lawyers and accountants, parties to an HRO agreement should establish ethics and compliance standards.

Conclusion. Legal compliance duties are at the core of any well-designed BPO relationship. Achieving full compliance depends on appropriate design, definition, and interplay of the outsourced scope with retained operations and retained supervisory roles. The consequences of a compliance failure need to be considered within the framework of the enterprise customer’s own legal liability and risk management procedures.

Tags: Contributors

Related Articles