In 1991, the US Sentencing Commission published its Sentencing Guidelines for Organizations, which set standards for creating corporate compliance programs that allow for more favorable treatment from the courts in the event of a compliance failure. And in today’s highly regulated environment, compliance failures are highly likely.
Indeed, the regulatory risks on all industries have increased exponentially. Now, even a “simple” business like staffing services can be considered highly regulated, and staffing firms will be well-served to adopt a deliberate risk management strategy.
Larger organizations, particularly those that are publicly traded, can engage accounting firms and consultants to conduct large-scale enterprise risk management projects, but most companies lack the resources to engage in such exercises. However, it is relatively easy to adopt and implement one of the key features of such a program: a formal risk assessment.
The scope of a risk assessment will depend upon the nature and size of the organization, the perceived risk areas and degree of risk, and the resources that the organization is willing to devote to the exercise. The most commonly assessed risk areas are:
Legal/Compliance. A legal risk assessment endeavors to identify and prioritize the organization’s regulatory risks and develop approaches to mitigate them. The mitigation efforts are typically focused on the highest risk areas identified, as well as easy fixes to lesser risks, allowing for a manageable and logical process. There are a number of staffingspecific risks that should be included in every assessment, such as wage and hour compliance or obtaining proper and timely I-9s from remote staffing personnel. Another example is compliance with the HIPPA and HITECH Acts when providing services in healthcare environment. In each of these examples, the penalties and financial exposure can be substantial.
Insurable risks. A number of risks are insurable, but a staffing firm’s coverage may not address its specific needs. For example, standard coverage forms may not include theft/crime coverage for temporary employees on assignment at the client site.
Another issue that often arises is when applications for insurance coverage have incomplete or incorrect information. In most states, this can be grounds for rescission of the policy and denial of a claim, which typically occurs in a large loss situation when the business needs the coverage the most.
Safety. White-collar staffing firms may not always give adequate attention to the safety of core and temp employees. Repetitive trauma injuries like carpel tunnel syndrome are a real risk to both internal and external personnel. A program to recognize and mitigate such injuries is smart from both a compliance and financial standpoint. Other client-specific risks may exist, and staffing companies are potentially jointly liable for OSHA violations at client sites. In addition, some states have specific requirements for formal worker safety plans. There are also annual OSHA reporting and posting requirements that employers may overlook.
Business. Business risk includes the inherent operational and financial risks faced by your organization; for example, executing contracts that contain commercially unreasonable terms, such as a promise to indemnify the client for the consequences of the client’s own conduct. Such language is sometimes found in client-drafted contracts, and absent controls to identify and modify the language, there can be significant financial exposure. It also is advisable to include a limitation of liability for consequential damages in client contracts.
Another business risk to consider is the practice of “payrolling” another firm’s employees. Absent controls to identify and avoid high risk payrolling situations, there can be exposure to unexpected losses from clients seeking to shift risk to the staffing firm.
