What does the 2022 regulatory landscape have in store for your European contingent labour supply chain?
The year 2021 was no doubt a game changer in how we manage compliance in our contingent labour supply chains.
On a global scale, for the second consecutive year, Covid-19 not only affected our (mental) health and wellbeing but despite the vaccine rollout it also continued to significantly impact our working practices. In the world of tax compliance, the Pandora Papers have again shed an interesting lens on how the rich and powerful manage their finances, by operating creative and sometimes opaque structures. This reinforced the public’s call for tighter checks and controls on both cross-border tax avoidance and evasion [1]. From an environmental perspective, the 2021 United Nations Climate Change Conference and the Shell case[2] caused countries and companies to drastically rethink their climate change and carbon emissions policies. And although we’re more reliant on data than ever, regulations such as the GDPR have equipped local authorities to issue draconian fines to those organisations who abuse our personal data[3]. Law enforcement is certainly baring its teeth!
Although those global events of course do not necessarily trigger a regulatory revolution at local or industry level, what is clear is that Covid-19, tax compliance, ESG and data protection are the four pillars that will shape how we manage our contingent workforce in 2022 and in the years to come.
David Korthals-Clarke gives you a high-level, non-exhaustive overview on what regulations UK and mainland Europe businesses need to be aware of when hiring and managing a compliant contingent white-collar workforce.
Covid-19 and the WFH regime
Due to Covid-19, many contingent workers, especially those working in the finance and IT sectors, have been given the opportunity to work from home. From a mobility standpoint, many end users are now willing to hire a more ‘exotic’ contingent workforce. This means that staffing businesses can source remote workers who can be located everywhere across the European continent. Geographically speaking, we have more access to talent than we ever had before. However, contracting with offshore contractors can trigger risks like IT security, immigration, tax and social security and contractual enforcement risks.
Understanding where your contingent workforce is based, their right to work and how contractors and umbrella companies structure their tax and social security affairs, is paramount. In principle, contractors need to be paying tax and social security in the country where they perform the work, unless an exception applies. How many recruitment businesses discovered that during the Covid-19 pandemic their contingent workers suddenly had relocated to sunny southern Europe?
It may sound surprising, but businesses are not always aware of the relevant laws and regulations that relate to the provision of cross-border work services. Especially end users sometimes wrongfully believe that structuring a placement in a non-compliant manner is a risk they can pass onto their suppliers.
Another factor that makes things even more complicated is when businesses are keen to switch to hybrid models where they expect their workforce to be partially office-based and/or travel abroad (although this development has been stalled due to the rise of the Omicron variant). This will present an additional layer of complexity as businesses need to map where the work is performed and what tax, immigration and labour laws need to be observed.
Tax compliance and pseudo self-employment
In 2021 the UK introduced an influential piece of legislation that may potentially inspire how other European countries dress up their tax legislation regarding disguised employment.
The essence of the revised off-payroll (IR35) rules is that if contractors who operate through their own personal service company (PSC) work as employees, they need to be taxed as employees. It will be the responsibility of the end user to make an IR35 status determination on the actual working practices of an assignment and exercise reasonable care when making that determination. By conducting an IR35 assessment or completing a specifically designed questionnaire, the end user should assess if a contractor’s earnings from an assignment need to be taxed as employed income or self-employed income. If the tax status is deemed to be employed, then the end user will need to instruct the fee payer (often the recruitment business) to make the relevant statutory PAYE deductions before paying the contractor’s invoice. Exceptions may apply. [4]
This new legislation has given the UK tax authorities (HMRC) a powerful tool to proactively audit how businesses have implemented the legislation and this no doubt makes it easier for HMRC to detect potential non-compliance.
Despite announcing a soft landing following the first 12 months of implementation and a commitment to a ‘supportive approach[5]' , HMRC has already contacted various businesses in the oil and gas and the financial services industry to find out what they have done to ensure compliance with the legislation. Notwithstanding the somewhat informal tone of the letter, HMRC requires businesses to demonstrate that they have a robust IR35 process in place and that they can provide the authorities with clear data on how the supply chain is structured and how the status of the workers is determined. The covering letter and associated schedule sent by HMRC can be found here.[6]
Businesses who believe they have nothing to fear should be aware of the fines that were incurred by DWP (£87.9 million) [7] and the Home Office (£33.5 million) [8] for getting their status determinations wrong.
It is not just IR35 that businesses should consider. Now is the time to also assess the impact of the Criminal Finances Act 2017 (CFA). Whereas previously it was unclear as to what extent recruitment businesses were affected by this legislation, HMRC guidelines have made it abundantly clear that recruitment businesses and their end clients are also caught by the CFA. According to the CFA, businesses need to have reasonable prevention measures in place (similar to those reasonable prevention measures mentioned in the UK Bribery Act 2010) to prevent the facilitation of UK or foreign tax evasion by its associated persons. To ensure compliance in the supply chain, HMRC has issued various due diligence principles that are directly relevant to the supply of labour. [9]
In response to a Freedom of Information request, HMRC revealed that in May 2021 it had 14 CFA cases under investigation. [10] A further 14 live opportunities were under review. These investigations and opportunities span 10 different business sectors, including financial services, oil and gas, construction, labour provision and software development. [11] There is no doubt that more HMRC enforcement action will make news headlines in 2022. Fines can be unlimited, and a criminal conviction can have a detrimental impact to the reputation of the wrongdoer.
Labour supply chains are at higher risk of getting investigated and therefore it is likely that more and more end users will be asking their suppliers questions regarding how their contingent workforce is structured and paid.
On a final note, did it escape anyone’s mind that the EU is now preparing a proposal on granting gig workers’ employment rights? [12] The proposal would shift the burden of proof on employment status to companies, rather than the individuals that work for them. Although it concerns a slightly different industry, taxi and delivery drivers as opposed to office workers, what is clear is that the EU authorities are clamping down on pseudo self-employment at an unprecedented pace and this will potentially have a domino effect in the years to come.
The rise of the ESG movement
ESG is booming. These are a set of environmental, social and governance standards for company operations and used by many investors who favour companies that score highly on environmental and societal responsibility scales as determined by third-party, independent companies and research groups. [13] It is of growing importance to every sector, not just the manufacturing, agricultural the retail industry.
Big corporations need to combat climate change through reducing greenhouse gas emissions, along with having in place an effective waste management and energy efficiency programme. From a labour supply perspective, organisations will need to ensure that their (labour) supply chains are diverse, free of slave labour, tax evasion and corruption, meet environmental and safety standards to name but a few and report this to the relevant authorities. Equally, diversity and inclusion (D&I) is an area which has become increasingly important, and many businesses already ask their contingent workforce partners to provide them with D&I data as part of a tender process.
It is also worth paying attention to the rapid rise of comprehensive anti-modern slavery legislation. The phenomenon of modern slavery already caught public attention in the nineties. Does anyone remember the public outrage following the 1996 Nike Scandal? [14] More recently, the media storm around the topic of workers’ rights in the run up to the 2022 Football World Cup in Qatar has certainly put the topic back on the agenda of governments, NGOs, and other policy makers.
In 2015, the UK introduced the Modern Slavery Act which imposed an obligation on businesses with a turnover of more than £36 million to provide the public with a Modern Slavery Statement. That was clearly just the start as more legislation in this area is expected at European level [15]. Countries like Germany and the Netherlands have implemented their own laws on supply chain compliance. [16] The Netherlands introduced the Dutch Child Labour Due Diligence Act (‘Wet Zorgplicht Kinderarbeid’) which is expected to become effective in mid-2022 and Germany has adopted a comprehensive act on corporate due diligence in supply chains (‘Gesetz uber die unternehmerischen Sorgfaltsplichten in Lieferketten’).
The repercussions for getting it wrong should not be taken lightly. By way of illustration, the German Government has decided that large companies with an annual global turnover of more than €400 million can be required to pay fines of up to 2% of their annual global turnover under section 24 of the Act. Furthermore, section 22 of the Act stipulates that companies that have been fined a minimum of €175,000 can be excluded from public procurement for up to three years.
The EU has even taken it one step further and issued a draft Directive on Corporate due diligence and corporate accountability [17] and also published Guidance on the Due Diligence for EU businesses to address the risk of forced labour in their operations and supply chains. [18] According to Article 1 of the draft directive, the draft legislation is aimed at ensuring that undertakings under its scope operating in the internal market fulfil their duty to respect human rights, the environment and good governance. Any adverse impacts need to be prevented or mitigated both within and outside the organisation, including the relevant supply chains.
If it were to become effective and transposed into national law of the relevant EU member states, then both EU businesses and organisations that do business in the EU are expected, amongst other obligations, to carry out due diligence checks on their suppliers and subcontractors.[19]
Although the risk profile of businesses that supply niche finance and IT professionals is low from a modern slavery perspective, there is no doubt that within the next couple of years big corporations will have to carry out more due diligence on their entire supplier base. This will be irrespective of location or sector to ensure their labour supply chain is supportive of the broader principles underlying ESG.
Data protection
Data protection legislation is getting more and more complicated. International data transfers have come under scrutiny and may have to be accompanied by a transfer risk assessment and supplementary measures being taken to safeguard the relevant personal data. Moreover, due to Brexit, in addition to the GDPR, many organisations also face the regulatory burden of ensuring compliance with the so-called UK GDPR.
Although the regimes are broadly similar, the UK Government recently launched proposals to promote a more flexible data protection regime for the United Kingdom. [20] Examples are abandoning Data Protection Impact Assessments (DPIA), Legitimate Interest Assessment (LIA), charging fees for subject access requests (SAR) and allowing businesses to engage in high-risk data processing activities without seeking prior permission from the Information Commissioner’s Office. [21]
Whether these proposals will transpose into law remains to be seen but what is clear is that it might achieve exactly the opposite of what the changes seek to achieve.
Especially labour supply chains these days can cross various borders. Personal data may be transferred across the globe. The world has become a smaller place. As an example, the end customer may be based in the US, the recruiter in the UK and the contractor in Germany.
Is it reasonable to expect that businesses will be able to cope with the changes especially if data protection regimes become more and more divergent? And long-term, how will this impact the UK’s adequacy status under which EU personal data can freely flow to the UK? In the absence of relevant industry guidance, businesses may collectively suffer from regulatory fatigue which ultimately erodes the protection of the data subject i.e. the person whose data is processed.
The European Commission is also looking at imposing stricter rules on the use of artificial intelligence. Businesses who for example consider utilising CV-sorting software for recruitment procedures may be subject to strict obligations before they can be put on the market. [22]
Finally, cyberattacks become more and more frequent and vicious. The recruitment industry is certainly not immune from IT security incidents. [23] Will end users require their contingent workforce suppliers to get a booster jab (if they act as data processors) by obtaining ISO 27001 certification? Only time will tell.
Conclusion
In 2022 and the years to come, businesses can expect a plethora of rules when hiring a contingent workforce.
Whereas only a decade ago the focus was predominantly on tax compliance and background screening checks, these days, the entire supply chain needs to consider a much wider set of rules.
In a changing world where the focus is more on sustainability and preserving our world for future generations, staffing providers not only need to ensure that they recruit a skilled labour force, but it is just as important that the workforce is sourced, paid, and treated sustainably. More emphasis will be laid on enhanced supplier due diligence.
It will be inevitable that businesses need to invest time and money in recruiting internal or external resources who can manage their compliance programmes.
Contrary to popular belief, achieving and monitoring supply chain compliance is simply not a box-ticking exercise. Neither will it be achieved by negotiating indemnities. Supply chain compliance can only be achieved by working as partners. Are you keen to discuss how we can help you manage your (future) workforce?
---------------
[1] For an explanation of the difference between tax evasion and avoidance, see: https://theconversation.com/the-pandora-papers-show-the-line-between-tax-avoidance-and-tax-evasion-has-become-so-blurred-we-need-to-act-against-both-169353
[3] See an overview of the biggest GDPR fines awarded in 2021: https://www.skillcast.com/blog/biggest-gdpr-fines-2021
[4] End users who do not need to assess employment status are the ones who can benefit from the small business exemption. A business will be small if it satisfies two or more of the following requirements: (1) It has an annual turnover not exceeding £10.2m; (2) It has a balance sheet total not more than £5.1m (3) It had an average of no more than 50 employees for the company’s financial year.
[19] https://www.cbi.eu/news/european-due-diligence-act. The draft Directive can be found here: https://www.europarl.europa.eu/doceo/document/TA-9-2021-0073_EN.html[1]https://www.gov.uk/government/consultations/data-a-new-direction.
[22] https://ec.europa.eu/commission/presscorner/detail/en/IP_21_1682. A link to the proposal for a new EU regulation can be found here: https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:52021PC0206&from=EN.
[23] https://www.apsco.org/article/biggest-cyber-security-threats-to-the-recruitment-sector-4147.aspx. Another example can be found here: https://www.verdict.co.uk/data-breach-crew-and-concierge-limited-yachting-industry/
.png)
