Proper Employee Data Practices Crucial for International Payroll

Bloomberg Law for HR Professionals is a complete, one-stop resource, continuously updated, providing HR professionals with fast answers to a wide range of domestic and international human resources...

By Howard Perlman

Payroll practitioners performing transactions that involve employees who live or work outside the U.S. should be familiar with requirements for international payroll transactions and understand how to prevent noncompliance.

Some of the most critical requirements regarding international payroll compliance involve processing employee identity data, said Darin Lowe, director of global sales for Celergo Global Payroll, at the Sept. 10 meeting of the Washington Metropolitan Area Chapter of the American Payroll Association.

Failure to uphold certain national security requirements and identity protection protocols regarding personal data of employees living or working abroad may in some cases cause employers to be fined hundreds of thousands of dollars, Lowe said.

National Security

Comparisons between employers' personnel lists and a Treasury Department list detailing individuals and organizations outside the U.S. to which payments from U.S. employers generally are not permitted may help employers avoid penalties for making payments that appear to be these individuals or organizations, Lowe said.

Some types of individuals on the Specially Designated Nationals (SDN) list of the department's Office of Foreign Assets Control are terrorists and drug traffickers.

Under the International Emergency Economic Powers Act, employers that pay an individual or organization on the list may be fined a civil penalty that is the greater of up to $250,000 or twice the amount of the illicit payment. Each criminal violation of the act may lead to a fine of up to $1 million and up to 20 years of imprisonment.

Employers may review lists of potential new hires to avoid inadvertently hiring individuals on the list.

The list does not have a fixed schedule of updates and sometimes is updated on consecutive days, so employers should compare personnel lists with the SDN list on a recurring basis to avoid paying individuals placed on the list after their date of hire, Lowe said.

Employers may save thousands of dollars by avoiding improper processing of employee data in international payroll transactions.

Asking new hires to provide their cities of birth may be especially helpful for avoiding situations when a payment to an individual not on the list is mistakenly identified by the department as an illicit payment because the payment was to an individual who had the same name and date of birth as an individual on the list, Lowe said.

After matches between employers' personnel lists and the SDN list occur, employers should immediately report the matches to the department and identify whether the match is potentially erroneous or undoubted, as this self-reporting may help mitigate penalties, Lowe said.

Payroll departments that demonstrate to the Treasury Department that they implemented stringent processes to significantly reduce the risk of paying an individual or organization on the SDN list may help guard employers against criminal penalties, Lowe said.

Identity Protection

Familiarization with countries' laws and regulations regarding protocols that must be implemented for transmissions of employees' personal identity data may help employers avoid penalties for improperly transmitting the data in payroll transactions and other communications, Lowe said.

Data privacy laws in the European Union, which vary by country, generally are stricter than those in the U.S., Lowe said.

EU countries generally require employers to provide employees with sufficient notice of how their identity data are to be used and transmitted. The countries also generally require employers to get employees' consent to transmit their personal data and disclose how the data are used, Lowe said.

Terms of employment contracts signed on the date of hire often may help employers fulfill some of these general requirements.

As with violations of U.S. national security laws when performing international payroll transactions, violations of countries' data privacy laws when performing international payroll transactions may cause employers in some cases to be fined hundreds of thousands of dollars.

Violations of data privacy protocols when processing payroll often may be construed as violations of a country's data privacy laws in general. Google Inc., for example, was assessed by Spain a penalty of about $1.2 million in December 2013 for violating the country's data privacy provisions and was assessed by France a penalty of about $203,500 in January 2014 for violating its data privacy provisions, Bloomberg reported Jan. 8, 2014.

Penalties for violating data privacy protocols of countries other than those in the EU also may be quite high. For example, employers that engage in serious or repeated data privacy violations may be fined by Australia up to about $770,000.

Request Bloomberg Law for HR Professionals