There are several risks associated with non-compliance to operate within the regulatory framework of a country. Legislations differ, so do the consequences in case of breaches and penalties.

Through a candid conversation with Rishabh Mehrotra, CEO of Ascender HCM, we at HR in ASIA seek to understand the risks, challenges, demands and penetration of MCPO in the region. Read on…

• Explain the more commonly associated high risks of non-compliance faced by companies in APAC.

There are several risks associated with non-compliance, but the two most severe in Asia Pacific are either significant financial penalty or business closure. With each country maintaining its own regulatory environment, the responsibility of organisations staying ahead of this knowledge as well as rapidly implementing any changes, can be an overwhelming task.

With unique legislation in each country across Asia Pacific, there is a high level of risk regards when the business might be susceptible to error, where there is little to no tolerance for pleading ignorance.

Another risk that we’re seeing in the Asia Pacific market is the growing concern for data security.

With the legislation in each country rapidly evolving, the risk of businesses falling behind legislative changes is high – especially when this is only one among the approximate 300 laws that directly impact payroll compliance. As MNCs expand into different countries, their ability to stay on top of compliance regulations becomes more difficult.

• What are the consequences of non-compliance and how can companies save themselves of these risks?

For each country across Asia Pacific the consequences vary; if the violation is minor, it could result in a small fine.

In saying that, if the breach of compliance is more serious – for example gross negligence or persistent breaches – the fines may be issued to a Director, forced closure of business, or even in some rare cases the punishment may be as severe as imprisonment.

A key way to avoid these risks, particularly in the APAC region where regulatory compliance is a prominent concern for HR Leaders, is outsourcing to a payroll vendor.

Speaking with many of the businesses we understand that, outsourcing has become a strategic solution for maintaining regulatory requirements, as well as ensuring employee satisfaction with consistent processes in place.

Companies that are unable to outsource their payroll operations should ensure they have a robust operational training program implemented. A few things to be conscious of internally is regular data protection and security awareness training, as well as internal compliance and quality programs.

Rishabh Mehrotra, CEO of Ascender HCM

• Tell us more about the growth and penetration of Multi Country Payroll Outsourcing (MCPO) in APAC. What could be the reasons for MCPO gaining traction in the Asia Pacific?

We recently sponsored Everest to conduct a deep dive analysis on the MCPO market. Research found that the MCPO market grew from approximately US$0.25 billion in 2008 to around US$1.2-1.4 billion in 2015, with an anticipated CAGR of 20-25% till the year 2017.

It is an exciting time to be an MCPO provider in APAC, where growth is outpacing other regions by over 5-10%.

The reasons for growth in MCPO are largely due to the level of complexity of delivery; the integration required to execute an HCM strategy and the variability of compliance across regions.

Many of our clients have united their single country approach through our multi-country platform for a single-supplier relationship and the benefits received from consolidated reporting and analytics.

See: Step-by-Step Payroll Documentation Compliance Guide for HR Professionals

• Why has so little of Governance, Risk and Compliance (GRC) technology been implemented in Asia Pacific?

Most Asia Pacific based companies used to (or still are) operating on a decentralised business model or under organisational silos.

Due to the fragmented nature of business units within conglomerate structured organisations, adopting GRC technology means there is need for changes to the governance structure.

There also needs to be a shift in management mind-set to ensure that inertia doesn’t impact the business whilst the transition takes place.

From the businesses we have spoken with, GRC is definitely an area of exploration, but it isn’t held as an immediate priority for Asia Pacific based organisations. Other business drivers like growth and expansion resonate as the more primary focus within this region.

In saying that, there has been increased importance placed on compliance and risk management. What businesses have been doing is incorporating ERP technology into their strategy to ensure that while the business continues to grow; compliance is still maintained at all times.

In addition to this benefit, HR Directors now have a holistic overview of their payroll processes across Asia Pacific, which provides a strategic insight into how to refine and further automate the compliance process.

• How can GRC technology specifically address a company’s risk and compliance needs?

GRC technology can provide a holistic approach to integrate an organisation’s people, processes and systems.

An integrated approach can streamline and improve processes in a cost-efficient manner, and at the same time, ensure quality data reporting to support compliance requirements.

• How can organisations and HR managers navigate through the regulatory level of complexities and easily adapt to the GRC framework in APAC to meet future business needs?

In order to implement a clear and consistent GRC strategy, business leaders first need to assess the current state and identify future needs of their organisation. Next, they can look to advisory firms who will be able to optimise their approach and formalise their GRC strategy.

For us, it’s about providing solutions to help keep our clients informed and up to date regarding recent legislative changes in their regions, similar to the learning module we are launching soon.

With such information, HR Managers will be more informed to select a product from their compliance supplier that best suits their business needs.

• How to move risk management slightly higher up in the boardroom agenda such as to impact change in the “tone at the top”?

For many businesses, risk and compliance has typically been a dry and difficult area for HR executives to address. However, a shift in the traditional paradigm has prompted organisations to adopt a more strategic approach and look to technology to optimise their organisational efficiencies.

The consequences of not managing risk can be significant for organisations, so having risk and compliance as an integral part of their audit committee is essential.

• Suggest some steps companies in APAC should take, to proactively manage risks efficiently.

There are definitely steps companies can take to proactively manage risks. The first of these is to educate HR teams to understand the importance of risk management.

The team managing this process should have access to both knowledge and expertise that can help them to not only understand compliance, but also equip them with the skills to be able to implement risk awareness and management programs organisation wide.

Lastly, companies need compliance and risks reported regularly to their audit committee.

• How can training staff and implementing a competency framework help organisations mitigate risks?

The most efficient way to mitigate risk is to ensure all employees are well-informed and well-trained in risk awareness and management programs.

Employees can identify potential risks (at its first level) before they occur to help mitigate risks and/or undertake remediation actions to quickly resolve.

The key tactic for having a competitive GRC process is to be proactive rather than reactive, so your people have more time to focus on the strategic elements of your overall business plan.

Image credit: forbesindia.com

Also read: Password Security Risks for Organisations Due to Employee Behaviour