In Conversation with Shakil Gour: How to handle compliance while performing Background checks globally?

Which region/ service in your experience has the most complex Employee Screening compliance laws?

Based on my experience in the global verification practice, EU has the most complex landscape with its stringent data security and privacy laws. The most recent and complex regulation is the GDPR compliance established in the EU data security landscape making background checks more rigid.

When it comes to service delivery, the criminal records check is undoubtedly the most complex to verify as information on an individual’s criminal records is considered most sensitive. Criminal checks involve high degrees of complexity and sensitivity as it deals directly with a candidate’s criminal background. Dealing with such sensitive information requires adequate research and understanding as every country has its own data security laws that need to be adhered to.

Could you provide examples of recent updates in Employee Screening compliance in the APAC region?

Many countries in the APAC region are in the process of amending their respective data protection laws. The Cyber Security Law in China is one such recent change that will have a huge impact on the Employee Screening process.

The NPC (National Privacy Commission), the regulator of the data privacy act in the Philippines, is updating the terms of its current data protection laws. This change has imposed a mandate on all organizations processing personal data to register a DPO (Data Protection Officer) by the 9th of Sept 2017. The personal information controller is required to register all personal data processing systems by the 8th of Mar 2018.

India, until the recent Supreme Court verdict, did not have legislation on privacy or data protection laws. Now with privacy becoming a fundamental right in India, we expect the data protection model will undergo a radical transformation.

The data protection laws in Singapore are also witnessing a change that would impact the compliance programs. Currently, the compliance programs are under public consultation which is expected to witness an impact soon.

What are the key requirements while defining a global compliance strategy for an organization with a global presence?

The key requirement to consider while defining a global compliance strategy is to identify the most appropriate and registered source that keeps you abreast on dynamic compliance norms. Such sources of inputs ensure there is complete adherence to the statutory laws laid by each country.

The other critical factor to consider would be on how organizations interpret compliance updates and adhere to compliance norms with 100% accuracy.

Additionally, a well-defined global compliance strategy includes implementing a cost-effective solution for background checks. And as an employee screening provider, it is important to keep the client updated about the constant changes in compliance.

What is the biggest element that leads to a breach in compliance during Employment Screening & how can organizations overcome it?

It is mandatory for organizations to understand, implement and comply with the various privacy laws and to stay abreast of the ongoing changes. Such constant updates on the statutory and legal laws can be received through a Triangulated framework that would involve 1. Research, 2. Validation, 3. Verification.

Research entails analysis & listing of all the compliance & data protection laws specific to every country. The listed laws and compliance information are then validated by an Employee Screening partner before communicating them to the organization. Once validated, the law is verified by global audit firms, thereby completing the framework. This framework helps organizations receive the most updated laws & compliance norms for implementation.

According to you, what kind of compliance aspects does a customer consider while assessing a vendor for selection?

  • The foremost requirement that customers consider while assessing a compliance vendor is the implementation of Information Security Controls by the screening provider. With relevant Information Security controls implemented, a majority of data privacy-related risks are eliminated.
  • There is an increased emphasis on periodic audits by external parties on the privacy controls of the provider.
  • Customers also look for a dedicated data protection officer/legal department that is responsible for implementing relevant controls.

From a compliance perspective, what are the risks of working on cloud vs. on-premise system for Employee Screening?

Working on the cloud requires an in-depth understanding of the compliance norms of the region where data is hosted. Hosting data on the cloud reduces risks related to data backup and increased operational costs.

On the contrary, on-premise models do not have a bearing on compliance norms of various regions as they are hosted locally. However, on-premise models include risks of a single point of failure. Availability of data & operational costs are also a concern.

At the outset, risks involved in on-premise outweigh those incurred by using cloud-hosted models. Thus, choosing a cloud solution provider complying with compliance norms, data security & backup measures is always the best fit for any organization.

What are the key metrics that an organization should track to measure the effectiveness of the global compliance strategy implemented?

  • Tracking the number of compliance that an organization needs to adhere to
  • Creating a checklist and performing monthly audits to check compliance adherence levels
  • Maintaining consistent and high compliance scores and to identify its relative significance to performance month on month
  • Seeking external professional advice to check adherence to compliance and assess the effectiveness of audits

What would be your advice to organizations who perform screening for their global hires?

Any organization should define a global screening policy with the help of external and certified professional agencies. The policy should also include a global package matrix that details roles of new hires and a listing of background checks that are required to be performed. In addition to defining a well-structured policy, the organization should have a thorough understanding of the different checks that can be legally performed in the country where employees are being hired. Standardizing the employee screening process across the globe provides better & faster results.

The Risks of Non-Compliance for your Business

by Shilpa Shingade

Introduction

Corporate compliance involves adhering to a wide range of rules, regulations, laws, and standards that are designed to protect your business, employees, stakeholders and everyone else involved in the organization. From obeying safety guidelines to following the standards for payment of wages, an organization must comply with all local, state and federal laws at all times.

In recent years, adhering to laws and standards and monitoring the compliance of business processes have become a major concern for business owners. Monitoring refers not only to continuously observing possible compliance violations but also to predicting possible violations in the future. Because the concept of business process compliance is vast, approaches to process monitoring are hard to identify. Monitoring the compliance of business processes with relevant regulations, constraints, and rules during runtime has evolved as a major concern in practice.

The cost of non-compliance and monetary fines have been increasing continuously in the past few years. Business owners are getting impatient, as these consequences affect the organization in many ways. Increased complexity, enforced business changes, and individuals being held personally accountable are all set to continue because of continuous compliance failures.

HR Compliance Plus

Why Statutory Compliance

  • Required by law: All registered companies are required by law to follow the statutory laws and comply with them.
  • Audits: Non-compliance also invites unnecessary inspections and audits, leading to a waste of time and money.
  • Financial penalties: Non-adherence to statutory compliance leads to payment of heavy fines and indirect loss to companies.
  • Imprisonment: Non-compliance may lead to fines and imprisonment of the CEO/Directors/Board members.
  • Brand value and market reputation: Payment of fines and imprisonment can destroy a company’s brand name.
  • Company shutdown: In serious non-compliance cases, companies are asked to shut down by the authorities.

Recent examples of the impact of being non-compliant (referred from QuickBooks Resource Centre)

  • The Department of Labour’s Wage and Hour Division (WHD) recently obtained a consent judgment of nearly $1 million to secure the payment of back wages from Manna, a restaurant chain operating in New York. 
  • Businesses that are found to have discriminated against an applicant’s protected class (e.g. religion, national origin, sex, etc.) can expect to pay up to $300,000 in compensatory and punitive damages, depending on the size of the offending company.
  • If you are alerted to an OSHA violation, don’t hesitate to correct it. Allegations of blocking exits and hazardous conditions at a Boston location led to Dollar Tree Stores facing a fine of $177,800.

Newer technology-driven solutions have emerged to protect businesses from non-compliance

Compliance requirements can be complex, and business owners may not always be fully educated about the latest rules and regulations.

Because of the vast number of government guidelines for compliance, it can be easy for business owners to find themselves in violation, leaving their companies open to penalties and even dissolution. Having a complete and thorough understanding of corporate compliance is crucial to protecting your business in the years to come.

Illustrative benefits of using a technology-driven approach:

  • Reduces business risks
  • Helps to expedite global expansion
  • Enhances control and visibility
  • Real-time, cloud-based platform
  • Enables proactive alerts, notifications, and escalations to eliminate business risks
  • Interactive global compliance command center that allows you to change priorities, delegate activities and monitor progress
  • Flexible, customizable
  • Intelligent dashboard, alerts, and analytics

After all, when it comes to non-compliance issues, ignorance of the law is no defense.

“Being Compliant is not a choice, but a mandate”