
Take Note

Changing regulations is yet another issue that HR must focus on in the coming year. How can leaders ensure compliance?

By Simon Kent

Compliance will undoubtedly remain a challenge for HR long into the new year. The future of the workplace is not just about upholding current rules and regulations; there are a few other requirements heading HR’s way.

Chris Moseley, co-founder and chief technology and innovation officer at edays, says there can be many pitfalls involving absence and leave management. This work varies not just from country to country, but in some cases, from region to region. “Many European countries have their own forms of parental leave for example, which vary in duration,” he says. “There are many other types of leave such as bereavement, compassionate, sickness and more which will differ from country to country, and some may be a legal requirement and others may be offered at the discretion of individual organisations.”

Louise Haycock, partner of Fragomen LLP, explains that Brexit continues to impact compliance around the movement of employees. Companies must act as sponsors to incoming employees, and this is no easy fix. “Obtaining and maintaining a sponsor licence in the UK comes with a raft of compliance obligations that must be continually monitored and can be periodically audited by the Home Office,” she says. “The skills and salary threshold for a skilled worker is low compared to other regimes but the UK system is very expensive which can be off-putting.”

Moving talent in the opposite direction can be equally time-consuming, and at the end of 2023 there will be an additional requirement: the completion of a pre-travel authorisation, much like the ESTA in the U.S. The situation is further complicated by each European country having a separate system for obtaining authorisation and work permission.

Michelle Reilly, CEO of contractor compliance experts 6CATS International, draws attention to the case of remote workers. “Following lockdown, remote working has become increasingly popular, for local nationals in their home country but also for cross-border placements,” she notes. “This does not come without its challenges. Ensuring the worker is engaged and paying taxes correctly is critical and PEOs are growing in popularity as a result of this. However, there are also potential permanent establishment issues depending on the role being performed by the remote worker.”

Despite being in place for many years, GDPR rules are still providing headaches for HR. “HR needs to have a good understanding of what obligations are placed on their organisation when collecting and processing employee data, what types of personal data are collected – including when and what legal basis is relied upon for the collection – and the rights afforded to such employees, for example the right of access,” says David Ward, a partner in the employment law team at Blacks Solicitors. Ward also notes that the collection of health data, perhaps more pertinent since the pandemic, is a particularly sensitive topic which HR needs to fully understand before processing such information.

Tom Jozak, chief privacy officer of critical administrative services company TMF, says one challenge is ensuring GDPR-compliant employee data processing in the supply chain. One stipulation for processing data includes only doing so on “documented instructions,” which is designed to ensure HR service providers’ employees have committed themselves to confidentiality and to implementing adequate security measures. They also need permission from the client to involve other processors. “The issue arises when HR service providers and their suppliers cannot agree about which technical and organisational measures should be implemented,” Jozak explains. “Where the GDPR requires these measures to be ‘the same’, in practice they are usually not, or at best they are substantially similar. Not being able to agree to the same but substantially similar measures, has actually become a standard market practice.”

If these challenges weren’t enough for HR, there are at least two more compliance issues set to demand attention this year. Vera Cherepanova, global compliance and ethics consultant and author, says the EU’s Corporate Sustainability Reporting Directive (CSRD), which came into force at the start of the year, has brought with it a huge number of new reporting requirements that certain businesses need to be ready to submit from 2024. She warns HR to start preparing for this reporting process now.

“The new disclosures required by the CSRD must follow the double materiality principle – the information has to be provided regarding every aspect that is either material to the business’ success or material from an ecological, social, or governance standpoint,” she explains.

The list of data sets required from HR is extensive. It covers the role of the administrative, management, and supervisory bodies with regard to sustainability matters, training and qualification, diversity issues, corporate governance, compliance with human rights, and more. “On top of all that, the CSRD requires that reported information be both audited and digitally tagged to feed into the European single access point,” she says. HR heads need to act now to ensure they can access this data and that they have the required infrastructure to ensure the flow of that data on an ongoing basis. “A logical first step is to conduct a risk assessment, or CSRD-readiness audit, to identify any policy gaps, risk hotspots or deficiencies within the business’ IT and operational infrastructure,” says Cherepanova.

Natalie Cramp, CEO of data science company Profusion, also raises the EU’s draft Artificial Intelligence Act, set to come into force in 2024. The act is likely to have the same far-reaching impact as GDPR, requiring compliance from anyone working within the EU as well as those based there. One area of particular challenge in the Act is the provision of ‘human oversight’ for certain AI applications. While welcome, the provision has drawn attention to the current data skills gap in the sector.

“Being able to effectively monitor AI systems requires a good level of data knowledge,” says Cramp. “At the moment, even rudimentary data analysis skills are in short supply in many organisations. As a result, we can see this becoming a real bottleneck that will inhibit the development and use of AI systems unless action is taken now.”

“Practically speaking, there are simply not enough people graduating with data relevant qualifications to meet current market demand, let alone the basic knowledge of data fundamentals across all levels of organisations,” says Cramp.

The implication here goes further than simply compliance, then – moving forward into an organisation’s talent requirement and people strategy. The future is therefore set to be both complex and busy for HR if it is to meet all its compliance needs.

Tags: EMEA January/February 2023, esg, Risk and Compliance
