In last week’s newsletter we presented the IC Compliance Framework as a recommended approach for organizations to establish and maintain a compliant freelance management environment. The framework is comprehensive and includes the following:

1. Audit - Current State Audit of Freelance Contractor Engagement Processes and IC Compliance Effectiveness 

2. Policy - Freelance Contractor Engagement Policy 

3. Training - IC Engagement Management Training

4. Process - Centralized Freelance Contractor Engagement Process 

5. Function - IC Compliance Function 

Starting with this issue of the Compliance Capsule we will begin a step-by-step walkthrough of the entire IC Compliance Framework. For the next several issues we will go into detail about each segment of the framework, providing examples, use cases, tools and templates for companies to consider and use. Of course, the starting point of the framework or the degree to which each segment is applicable to your company really depends on your company’s current state. And it is for that reason that we begin our review of the IC Compliance Framework with the current state audit recommendation.

IC Compliance Framework Step #1: Audit 

Current State Audit of Freelance Contractor Engagement Processes and IC Compliance Effectiveness

To address this critical first step of the IC Compliance Framework, I will share some of the content we present to and use with Bubty customers who seek our consultation on developing a more compliant organization. We refer to our audit as CRA - Compliance Readiness Audit.

Bubty’s Compliance Readiness Audit or CRA

The CRA is a flexible audit and assessment project that the Bubty Compliance Services team conducts as a consultation or advisory engagement with the customer. The output of the CRA is an Audit Report delivered to the customer as a stand-alone assessment of the current state of freelance management practices at the organization, with a particular emphasis on classification compliance.

The Compliance Readiness Audit is an assessment of the customer’s readiness to compliantly engage and manage freelancers as independent contractors within the country or tax jurisdictions of the talent they seek. The scope of the CRA aligns with our general IC compliance formula:

At a high overview level, Bubty follows this formula for communicating and conducting our brand of IC compliance. It also serves as a guide for how we conduct the CRA. The first two components of the IC compliance formula are a measure of the organization’s compliance environment (practices, policies, training) and the tools, templates and practices engaged to enter into freelance IC engagements. We refer to this in the CRA collectively as “IC Readiness” - is the organization ready to compliantly engage freelancers as ICs? 

The other factor within the IC compliance formula is IC Certified Freelancer, which addresses the unique qualifications of each individual talent the organization engages or intends to engage. This factor is measured at the individual freelancer level (ie transactionally) when we are conducting IC screening. However, to aid the objective of the CRA we attempt to develop an organization level view of the broader freelancer population risk the organization encounters. Freelancer population risk is a more narrow assessment of the type of work or services the organization is seeking from freelancers relative to the organization’s business model and existing employment strategy. As we will see below, not all freelancers or freelancer services represent similar risk. Assessing the freelancer population risk - based on the services or type of work the organization intends to engage freelancers for - helps us identify sector-specific risks.

We plot these two individual risk factors on a graph that allows us to visualize the cumulative risk. The Compliance Risk Matrix is a foundational tool that enables us to identify gaps in the organization’s management practices and their freelance talent engagement strategy.

Compliance Risk Matrix

IC Readiness Risk

IC Readiness is a term we use to quantify the customer organization’s existing capabilities to compliantly engage and manage IC freelancers. For instance, do they manage ICs differently than how they manage employees? Are the job roles or projects they engage freelancers for similar to job roles and projects their employees work on? Do they use appropriately structured independent contractor agreements to engage the IC freelancers? How do they compensate their IC freelancers, by the hour or based upon results, deliverables, milestones? Do they invite freelancers to employee events? Do they require freelancers to wear company-branded uniforms? Do they have a freelancer or IC engagement policy in place?

Using their current state of readiness, we then seek to gain a forward-looking view of the customer’s IC Readiness risk. We do that by overlaying Bubty compliance solution with the organization’s existing behaviors and freelancer management practices, their culture. This forward view allows us to gauge to what degree we need to calibrate our compliance solution in order to address the customer IC Readiness risk that will still remain even after the compliance solution is in place. For instance, we may need to provide training to build customer manager awareness of how to compliantly manage freelancer engagements. We may also need to upgrade the IC agreement used to engage freelancers or raise the threshold score for IC compliance screening of their freelancers. And in some cases we may need to help our clients establish or enhance their freelancer / IC policy and governance model. The remediation of IC Readiness risk can take many shapes and forms. The objective is to make adjustments that keep the risks that the client organization and Bubty (as the IC screening or AOR provider) are exposed to at an acceptable residual level, recognizing that we can never totally, fully remove the risks.

Population Risk

Population refers to the different types or groups of freelancers the customer engages. The types of services provided by freelancers and the country where the freelancer resides (i.e. tax responsibility) both contribute to our segmented approach to making a Population Risk assessment. We use “collar color” and worker’s compensation codes as guiding references to segment the services in scope. Risk of misclassification often has a direct correlation to the services being provided and the level of compensation being paid. For instance, the misclassification risk associated with a graphic designer (white collar work, low risk workers compensation rating) providing project based services remotely is notably lower than the risk associated with a construction worker working on site or a truck driver driving a delivery vehicle (blue collar work, high risk workers compensation rating).

We combine these service types with country-borne misclassification risks in order to create freelancer population segmentations. Doing so enables us to assign a single Population Risk assessment for each segmented freelancer service type.

When multiple and differentiated populations are in scope, we plot each one individually on the Compliance Risk Matrix shown above. We do this because unique or different solutions may be required to manage individual or different IC populations being engaged by the same customer. For instance, the IC Compliance score threshold for white collar services will be lower than the threshold we establish for a blue collar job. Or, the Customer may directly engage low risk white collar ICs themselves but have Bubty AOR engage higher risk ICs on their behalf.

The CRA Output

We use the Compliance Risk Matrix to present our overall assessment of risk for the organization. The matrix offers four unique risk-based outcomes for each defined freelancer population the organization considers in scope.

• Direct IC Engagement - There are two levels of direct IC engagement stratified by risk relative to the individual organization. This highlights the variability of risk thresholds that can exist from one organization to the next.

  • Optimal: The organizational and population risk are considered low, so direct engagement of the IC is optimal. 

  • Supportable: The risk is moderate and direct IC engagement can be supported as long as IC screening is conducted and comes back favorably. 

• AOR IC Engagement - The combined IC readiness and population risk is high and direct IC engagement is not recommended. Rather, an AOR IC engagement is the recommendation. The AOR or risk intermediary model is necessary (highly recommended) to mitigate the higher misclassification risk noted in the assessment. Note that this could be driven solely by the lack of organizational IC readiness and not the nature of the work (ie freelance service type).

• EOR Engagement Only - Here the risk is too great to support engagement of the freelancer (type) as independent contractor. Rather, the recommendation is to payroll the talent as a contract employee. Note that this could be driven solely by the nature of the work (ie freelance service type) and not by a lack of organizational IC readiness. 

Conclusion

Assessing the readiness of an organization to engage independent contractors is foundational knowledge to establish a compliant environment for the engagement of freelancers. The Compliance Readiness Audit (Bubty’s version) is only part 1 of a potential two-step audit process to assess the organization’s current state and enable full and effective implementation of the IC Compliance Framework. 

Next Issue

For those organizations that have been engaging freelancers or even small businesses for labor-based services, part 2 of the framework Audit is focused on the effectiveness of current freelancer / small vendor engagement practices. While the CRA looks at the organization’s compliance readiness, part 2 - aka Compliance Documentation Audit - looks at existing and historic IC engagements to render an assessment on how effective current practices have been. 

Until next Wednesday, stay compliant and be happy.