Limits to consider on employment compliance programs
Compliance programs are focused on preventing and managing the risks related to the company's core business. In the case of Employment Compliance, the legal risks that are intended to avoid are those that come from the breach of employment rules. Such risks are identified on the risk matrix, and upon them, a prevention plan is elaborated based on their frequency and probability.
Throughout an Employment Compliance program, companies can improve their work environments by developing a prevention culture and care among employees. Having a safe place, employment contingencies are reduced, promoting in one hand satisfaction among collaborators and enhancing on the other, production, while avoiding reputational risk or legal costs.
According to Peruvian Law N° 29245 that rules outsourcing services, the client company is liable under specific scenarios, for the payment of all labor and social benefits of the vendor company's employees, during the time such employees were deployed to the client company for executing services.
Considering this liability, many companies have developed a high standard list of requirements to vendors to fulfill their employment compliance, requesting proof of payment of all social, pension and employment benefits carrying out strict due diligence on each one of them.
However, it is important to note that, the purpose of verifying that these obligations are accomplished, does not grant necessarily the right to access to the vendor's confidential commercial information, not being this the purpose of the Employment Compliance. In many cases, the rigorous demands on the review of these obligations do not consider the consequences of sharing this information, not only for the vendor but also to the client company.
Therefore, the employment compliance program purpose is not to access to confidential commercial information from the vendor, especially, when this sensitive information may allow the client to understand the vendor's business model, costs, margins, and salaries per key employees, among others. Having this in mind, it is important to consider there are other ways in which companies can verify the accomplishment of these obligations, such as affidavits confirming payment either by the vendor or directly be each employee, review of samples or even by reviewing the total declarations made by the vendor's accountants.
In this sense, it is important either for the client and the vendor, to consider the obligations and liabilities they assume when entering into this kind of clauses, evaluating their employment compliance program's reasons and purpose.
Moreover, compliance culture is based on trying to prevent specific events from happening. Thus, if such events occur, mechanisms established for regulating this event should trigger, providing the compliance program with evidence of prior due diligence, avoiding any corporate failure.
Finally, in Peru as well as many other countries, data protection rules consider the principle of consent, being mandatory to obtain specific permission in order to share personal information, especially when sensitive information, such as personal income, is being treated.
Therefore, when discussing this type of obligations, it is advisable that clients and vendors should consider that employees must consent and accept these terms, on a freely, informed, and unambiguous way, otherwise, the transfer of this information would be considered illegal.