Be aware of the compliance risks of a growing remote workforce

Be aware of the compliance risks of a growing remote workforce

Local contact

Kerrie Chang

31 May 2023
Categories Thought leadership
Jurisdictions Singapore

Businesses should regularly review their workplace flexibility policy framework and remote working arrangements to manage tax obligations and compliance risk.

The importance of hybrid mobility

According to the EY 2023 Mobility Reimagined Survey, 88% of respondents consider mobility as a way to address global talent shortages, and a further 76% believe mobility influences the overall organisational strategy. What started as a reactive response to the challenges posed by the COVID-19 pandemic has now become a component of an organisation's long-term workforce strategy, as it addresses the shifting priorities of employees and advances their broader global talent objectives.

The adoption of hybrid mobility varies widely, influenced by factors such as organisational culture, industry, nature of work and talent retention. Hybrid mobility originally encompassed traditional business travel and cross-border work, but it has now evolved to include virtual and remote work arrangements. Remote work can range from work-from-home in the same jurisdiction, temporary remote work whilst overseas (workcations) to permanent remote work domestically or internationally in countries with entity presence, or work from anywhere.

However, these new ways of working have also brought greater attention to compliance risks. As organisations redefine their mobility strategies, they need to adopt a forward-looking and robust framework to manage the growing complexities and risks associated with hybrid mobility.

The management of remote work requests has been approached in different ways, ranging from assessing each case individually to developing a formal policy or framework. However, there can be confusion in the articulation and communication of these policies. This highlights the importance of involving employees and stakeholders to ensure a cohesive effort in managing potential risks. Issues involve range from immigration compliance to technology enablement, to tax reporting requirements, or even tax exposure for the employer.

Common compliance risks for remote work arrangements

As the demand of remote work expands, so does its complexity and compliance risks. While 92% of respondents of the EY 2023 Mobility Reimagined Survey believe that aligning mobility strategy to organisational objectives helps in attracting and retaining top talent, 71% of respondents do not feel that their organisations are equipped to handle risks.

An employee working across jurisdictions may expose an organisation to the risk of creating a permanent establishment in the foreign country depending on the aggregated physical days’ presence of the employees in that jurisdiction. This may potentially subject the company to various requirements, such as corporate tax, registration, payroll withholding and reporting obligations. While Singapore has a comprehensive tax treaty network, the process of claiming exemptions or tax credits can be complex and individuals may have to pay the full tax amount in advance. In the absence of any domestic exemptions or tax treaty, double taxation may be inevitable, resulting in additional financial burden for the individual. It is worth noting that Singapore currently has not entered into any social security totalisation agreements, except for some coverage under the bilateral economic agreement with India. In addition, local regulations may trigger individual income tax and social security implications in multiple jurisdictions.

Apart from the individual and corporate tax regulations, employers will also need to be aware of compliance requirements in immigration and employment laws. Many countries require non-citizens to have a valid visa or permit to work in their jurisdiction. Companies must also be aware of local employment laws regarding minimum wage, statutory working hours, the presence of unions, and worker support and protection. Failure to comply can result in significant and costly penalties for both the individual and company.

Technological advancements have facilitated remote work but they have also increased the importance of addressing cybersecurity concerns. Organisations must be equipped with a sophisticated system that can support digital collaboration and cross-border access, and provide oversight and maintenance of data security and protection.

Mitigating risk through cross-functional collaboration and technology

When responding to remote work requests from employees, it is essential to develop a robust risk assessment and governance framework that supports employee flexibility while managing organisational risk.

According to the EY 2023 Asia-Pacific International Remote Work Survey, 78% of organisations perform a risk assessment before approving international remote work requests. Formalising processes and guardrails allow organisations to identify risks thoroughly and consistently.

The risk assessment is crucial in establishing parameters that allow for remote work within the organisation's risk tolerance. Striking a harmonious balance between managing the company’s compliance risk and positioning their mobility programme is critical. This balance influences the implementation of the framework and policy.

The abovementioned EY 2023 Mobility Reimagined Survey found that while 76% of organisations had some hybrid mobility policy or approach, only 47% of respondents stated that these policies were consistent globally. Furthermore, only 41% of respondents felt that their hybrid policy addressed crucial issues. This highlights the need for organisations to do more to prepare for the reality of hybrid mobility.

Unlike multinational corporations that have experienced managing assignees and business travellers, local companies with less experience may face a more challenging learning curve. However, regardless of their experience, all organisations must adopt a fit-for-purpose approach to stay compliant with the latest local regulations. 

To create a comprehensive framework for managing the risks associated with remote work, it is important for organisations to engage in cross-functional collaboration with key stakeholders and subject matter experts. This includes individuals from human resource, tax, legal, cyber and IT security, immigration, and risk management. By working together, they can address a broad range of issues and create a more robust framework.

One important aspect of managing remote work is the tracking of the location of employees to identify potential tax, immigration, or regulatory risks, as well as safety and cybersecurity issues. With the expected increase in remote worker volume, organisations may want to consider leveraging technology to support the administration and execution of their remote work programme to streamline requests, approvals, risks assessments and compliance tracking.

A well-designed framework or policy is essential for successful remote work, as it establishes clear parameters and expectations that employees must follow. It is equally important to communicate these guidelines effectively to employees and establish a level of trust between the organisation and its remote workforce.

We encourage businesses to do a full review of the flexi-workplace policy and processes. It is also important to do a regular refresh for regulations and practices. This will certainly be an area of focus for tax and immigration authorities, and in some cases it has already started.

The co-authors of this article are Kerrie Chang, Partner, People Advisory Services — Integrated Mobile Talent from Ernst and Young Solutions LLP and Isabella Ong, Associate Director, People Advisory Services — Integrated Mobile Talent from EY Corporate Advisors Pte. Ltd.