To be able to provide compliant HCM services and solutions to our clients, ADP must have an effective compliance program built on sound foundations and standards. The quality of our internal compliance controls directly affects the value of the services we deliver for our clients, as well as the engagement of our own associates. Read on to learn more about how we manage compliance across the HCM products, services and solutions we deliver to our multinational clients.
2. Contents
1. Introduction – the compliance environment in globalized markets 1
2. Compliance governance 2
2.1 Global compliance oversight 2
2.2 ADP Streamline’s compliance structure 2
2.3 Roles and responsibilities within ADP Streamline 3
2.4 Compliance management lifecycle & risk assessments 4
2.5 ADP Streamline’s service compliance: SOC 1 ISAE 3402 report 5
3. Partner management lifecycle 6
3.1 Partner selection & onboarding 7
3.1.1 Partner selection 7
3.1.2 Partner onboarding 9
3.2 Ongoing partner management 9
3.2.1 Regular service reviews & Key Performance Indicators 10
3.2.2 Executive business reviews 10
3.2.3 Training and support 10
3.2.4 Payroll Legislative Updates 11
3.2.5 Partner Anti-Bribery Compliance Program 11
3.3 Monitoring and audit 12
3.3.1 Financial Assessments 12
3.3.2 On-site Partner Audits 12
4. Our certifications and awards 15
Confidentiality
The information contained in this document is confidential, and remains the intellectual property of Automatic
Data Processing, Inc. and/or its affiliates (“ADP Group”). This document must not be reproduced, stored in a
retrieval system, or transmitted in any form by means electronic, mechanical, optical, photocopying, recording
or otherwise, without the prior consent of the ADP Group.
This document must be kept strictly confidential at all times. It must not be disclosed to any person without
the prior written consent of the ADP Group.
3. 1Compliance in ADP Streamline - January 2016
1. Introduction - the compliance environment in globalized markets
Global payroll executives state concerns over how to comply with mounting legal and
regulatory requirements in a multijurisdictional environment as their single biggest worry1
.
Consider the complexity of global legislation, the vast differences in policies of individual countries’ governing
bodies and the constantly evolving nature of the payroll-related regulatory landscape, and you can perhaps
understand their apprehension.
Without a doubt, the risks of non-compliance in today’s globalized marketplace have never been greater due
to the increasing regulatory oversight. Breach an anti-bribery regulation or break a payroll-related law, and
your company could face financial penalties, reputational damage, increased regulatory scrutiny and even
criminal charges – the impact of which can imperil even the most sophisticated global business.
To be able to provide compliant HCM services and solutions to our clients, ADP must have an effective
compliance program built on sound foundations and standards. The quality of our internal compliance
controls directly affects the value of the services we deliver for our clients, as well as the engagement of our
own associates.
Read on to learn more about how we manage compliance across the HCM products, services and solutions
we deliver to our multinational clients.
1 Global Payroll Survey 2014: One year on and closer to reality? Ernst & Young, 2014
Global footprint, local expertise
France DSN
Declarations to public
social intitutions have to be
submitted electronically on
a monthly basis
Russia Data Protection Law
Personal data have to be
hosted in Russia
Brazil eSocial
Events resulting in tax
obligations need to be
notified electronically
Japan ‘My Number ’
Employers have to collect
employees’ personal ID
numbers
(2015)
4. 2 Compliance in ADP Streamline - January 2016
A strong compliance program, built on an organization’s values and principles, is the
bedrock for creating a culture that is focused on outstanding quality and business
outcomes.
2. Compliance governance
ADP’s ‘Code of Business Conduct and Ethics’ is the foundation upon which
our compliance program is built. We review this Code on a regular basis
and make it available in 18 languages so that ADP employees around the
world can read it, understand it and put it into action. Complementing
the Code of Business Conduct and Ethics are other company policies and
procedures that outline responsibilities for compliance, including our Anti-
Bribery Policy, Antitrust (Anti-Monopoly) Compliance Guide, and Global
Privacy Policy among others.
Continuously reinforcing a compliance culture is an important aspect of our Compliance Program. We raise
awareness across ADP through regular training and relevant publications to drive changes in behavior, reduce
instances of wrongdoing and encourage open communication.
2.1 Global compliance oversight
ADP’s Global Compliance Office is responsible for the governance, strategies and initiatives of our company-
wide Compliance Program. The Chief Compliance Officer and central team support risk assessment activities,
provide tools, deliver corporate compliance communications and work to identify key risks across the entire
ADP corporation.
2.2 ADP Streamline’s compliance structure
ADP teams, wherever they’re based in the world, know that from initial contact with clients through to
implementation and then ongoing operations, compliance and integrity are embedded in all aspects of the
work we do for the benefit of our global clients.
Each business unit within ADP has a formal compliance program and dedicated Compliance Leader. ADP
Streamline’s compliance program, on which we collaborate closely with ADP’s Global Compliance Office, is
tailored to business-specific compliance requirements, aligned with ADP’s global policies and practices.
5. 2.3 Roles and responsibilities within ADP Streamline
ADP Streamline is part of ‘Global Enterprise Solutions’ – the part
of ADP dedicated to serving multinational (MNC) clients’ HCM
needs .
The Compliance Leader oversees a program that covers all of
our global products, services and operations. Responsible for
engraining compliance standards into all aspects of our daily
work, the Compliance Leader advises senior management
on how to mitigate compliance risks as well as designing and
monitoring the processes we need in place across our business
worldwide.
Our Compliance Leader also chairs the Compliance
Committee, which meets monthly and is staffed by senior ADP
professionals, including the General Manager. Overseeing
compliance initiatives, committee members review the impact
of regulatory developments and ensure that the adequate
internal policies, processes and controls are in place. They are
also responsible for allocating the resources required to comply
with the laws and regulations applicable to all ADP Streamline
operations.
Compliance Committee members are not alone in this
responsibility. They tap into the collective experience of subject
matter experts from across the whole ADP organization, who
work in sub-committees or working groups and develop
and implement the compliance initiatives as directed by the
Compliance Committee.
ADP Streamline has a dedicated
Global Partner Network
Department consisting of more than
40 professionals responsible for our
network of local payroll partners. This
team is based in our main hub offices
in Barcelona, Singapore, São Paulo
and Miami.
The Client Experience and
Continuous Improvement team
manages the framework for on-site
audits as part of the Partner Assurance
Program.
ADP’s Global Security Organization
carries out on-site partner audits
covering business governance,
payroll and IT & security controls.
These experts are responsible for the
management of security incidents and
other security-related areas.
6. 4 Compliance in ADP Streamline - January 2016
2.4 Compliance management lifecycle & risk assessments
We carry out regular as well as ad hoc risk
assessments of the ADP Streamline business
in order to meet the requirements of the ever-
evolving regulatory landscape.
This is a formal process that leverages the
experience and expertise of internal leaders
and subject matter experts. Taking into account
input from across the business, we then define a
Compliance Enhancement Plan to be approved
by the Compliance Committee based on the
likelihood and magnitude of the potential
impact on our business.
The Committee also monitors the progress of
our compliance initiatives, reviews business
escalations and new regulatory developments
and allocates the required resources.
Top compliance priorities:
7. 5Compliance in ADP Streamline - January 2016
2.5 ADP Streamline’s service compliance: SOC 1 ISAE 3402 report
ADP Streamline has designed and implemented controls in order to ensure our central services are compliant
with requirements set out by the US Sarbanes–Oxley Act (SOX) in order to prevent the risks associated with
payroll management.
The main areas covered by our controls
Our internal controls are audited on an annual basis by one of the ‘Big Four’ audit firms, who assess the
suitability of the design and operating effectiveness of the controls described in our control matrix and
policies. The auditors review and certify our organization’s compliance with international assurance standard
SOC 1-ISAE 3402 Type II, which includes how we execute our Partner Assurance Program.
The external auditor provides a report according to SOC 1 ISAE 3402 standards that is made available to
clients upon request.
Applications
change
management
User
management
Payroll
production
controls
Network
controls
(Vendor
Management)
Physical
access
IT
infrastructure
(IPC report)
8. 6 Compliance in ADP Streamline - January 2016
3. Partner management lifecycle
ADP’s obligation to ensure ethical and legal behavior doesn’t only apply to our own
employees – it also extends to the activities of our agents, consultants and business
partners who act on our behalf.
ADP Streamline has built a network of payroll
partners covering more than 100 countries and
territories (partnering with both ADP affiliates and
external subcontractors). Each has been carefully
selected as expert providers in the local country,
possessing a proven track record and normally at
least 10 years’ payroll experience.
Our international network of payroll partners
is crucial in helping to attain strategic business
objectives while allowing us to offer our clients an
enhanced service and in-depth knowledge of local
payroll laws, rules and regulations.
However, the use of third parties also increases
exposure to certain risks that can damage
businesses – even those with the most sophisticated
and carefully maintained processes. Some of these
risks are inherent to the payroll processing itself,
similar to the risks that would arise from ADP
conducting this activity directly.
Naturally, many of our clients want to know exactly how we manage these risks.
ADP Streamline’s network of professional payroll partners must deliver payroll services of the highest
standards, as defined in our subcontracting service agreement. Strong, centralized governance is at the heart
of our relationship with our partners, with the objective that both parties benefit from a mutually successful,
long-term business relationship.
Our Partner Assurance Program acts as a frame of reference for compliance with international standards and
regulations such as the previously mentioned SOX, ISAE 3402 and information security standards ISO/IEC
27001:2013.
This program is positively received by our partner community; motivating and guiding them on how to reduce
their level of risk when it comes to IT and security, payroll processing and business governance.
We apply this framework from the first moment that we begin to work with third-party vendors.
9. 7Compliance in ADP Streamline - January 2016
3.1 Partner selection and onboarding process
3.1.1 Partner Selection
Selecting ADP Streamline partners is a joint effort among
the Global Partner Network Department, Global Security
Organization and Compliance teams.
The initial phase of our partner selection process is carried
out by ADP Streamline’s Global Partner Network Department,
who identify and then vet prospective partners by means
of an evaluation form. This questionnaire covers business
characteristics (such as annual turnover, number of employees
and total client base size) as well as detailed information on the
firm’s experience in the payroll sector. At this stage, we also
establish:
what accreditation the company has,
its geographic coverage,
market position.
We also review country risk (such as political, economic, criminal aspects, among others) to help make
strategic business decisions regarding our payroll services.
Secondly, as part of this preliminary assessment, certified security experts from our Global Security
Organization review the shortlist of candidates, evaluating the maturity of the companies’ IT and security.
Members of our Global Partner Network Department then visit the company’s offices, to evaluate whether the
organization is suitable to be included on our selection shortlist.
Once a final candidate is selected, the Global Security Organization completes an on-site audit
independently to further assess IT & security and issue an audit findings report, based on established scoring
criteria.
10. 8 Compliance in ADP Streamline - January 2016
Thirdly, in today’s tight regulatory environment, businesses must be able to demonstrate to clients and
regulators that we know who we’re dealing with. We must know the true background of all of our business
associates - current and prospective – in order to meet compliance requirements, avoid regulatory fines
and protect our reputation. To this end, our Compliance Leader carries out Due Diligence Screening on the
company and its key personnel in order to manage reputational and regulatory counterparty risk in relation to:
Anti-Money Laundering (AML)
Organized Crime
Countering the Financing of Terrorism (CFT)
Corruption (Bribery)
War Crimes
Sanctions
Politically Exposed Persons (PEPs)
We use a risk intelligence tool which is considered the gold standard in PEPs monitoring,
AML screening and financial crime control. Through its extensive negative media research it
acts as an early warning system for hidden risk in business relationships – risk that compliance
regulations could be breached or threaten our reputation.
Financial stability assessments are another core component of our initial screening and ongoing monitoring
process. We source reports from a trusted global credit reporting agency, which include analysis of the
following areas (where available):
Financial statements
Bankruptcy probability factor
Company corporate data
Directorships and management team
Share capital structure, major shareholders
Check on bankruptcy filings, court judgments, debts collections, tax liens
Payment history.
Based on all of the selection criteria described above, ADP Streamline’s senior leadership will take the final
decision on whether an individual third-party vendor is ultimately selected as an ADP Streamline partner.
Our Legal team then finalizes the contract, making sure that the standard clauses are in place, including
provisions for anti-bribery, data privacy and security. Once the contract is signed, the partner onboarding
process begins.
11. 3.1.2 Partner Onboarding
Constructing a mutually compliant partnership starts by training our third-party payroll experts on ADP
Streamline’s Service Definition. This document is the core of clients’ contractual relationship with ADP
Streamline, in which we establish the terms of the service we deliver to clients in all countries for which they
have contracted our global payroll solution.
We also invest a considerable amount of time training new partners on ADP’s standards and control
requirements; making sure partners fully understand our governance model and service delivery framework
before we move on to operational training and the technicalities of systems integration.
3.2 Ongoing Partner management
ADP Streamline’s dedicated Global Partner Network
Department has overall responsibility for our partner
network, ensuring compliance and continuous
improvement through a number of activities such as
regular reviews, training and workshops.
Additionally, each year we take the opportunity to
nurture our relationships with our partners in person
through operational regional workshops and a separate
Executive Convention. Through plenary sessions
and interactive workshops, we discuss compliance
best practices in payroll processing, aiming to raise
standards and ensure operational consistency.
These and other activities are described in more detail
in the following sections.
12. 10 Compliance in ADP Streamline - January 2016
3.2.1 Regular service reviews & Key Performance Indicators
Partners have a dedicated Partner Manager, who conducts monthly and bi-monthly service reviews, covering
the 23 Key Performance Indicators (KPIs ) by which we assess our global payroll partners:
3.2.2 Executive business reviews
ADP Streamline Partner Executive Relationship Managers conduct semi-annual or annual executive business
reviews with our partners’ senior leadership teams, covering topics such as:
Current business and the business growth forecast
High-level operational reviews
Compliance with our partner ‘pillars’ of service
On-site audit results
Service delivery performance
Strategic updates
3.2.3 Training and support
We provide training to our partners on payroll control requirements based on the
SOC 1- ISAE 3402 framework, support on payroll platform migrations, and assistance
on high-impact legislative changes affecting payroll processing operations.
We also operate a ‘Service Delivery Framework’ to help our local payroll partners
develop a service organization that mirrors ADP’s own service standards. All of our
partners’ operational managers and payroll specialists are required to complete the
training and implement its takeaways in order to create culture of high standards and
continuous improvement.
13. 11Compliance in ADP Streamline - January 2016
3.2.4 Payroll Legislative Updates service
ADP Streamline’s network of local payroll experts possesses deep knowledge of fast-changing local laws,
social security systems and tax regulations. At times, these can even differ by city and region, as well as by
country.
Our partners around the world provide insights into new and changing payroll regulations in their particular
territory, so that clients can stay abreast of breaking news on topics like employment tax, wage payments,
working hours, tax credits, statutory leave and social security. Through the ‘MyStreamline’ portal, ADP
Streamline clients can then access a centralized dashboard to filter the legislative updates by region, country
and effective date.
This Payroll Legislative Updates service is a complementary service from ADP Streamline aimed at helping
multinational clients achieve compliance.
3.2.5 Partner Anti-Bribery Compliance Program
Part of our partners’ contractual agreement with ADP Streamline relates to the Foreign Corrupt Practices Act.
This is a US federal law that prohibits the bribery of foreign officials. Other countries around the world have
similar legislation – the UK Bribery Act 2010, for example.
These laws extend beyond the act of bribery itself; making companies responsible for deliberately ignoring
facts or circumstances that could make it likely for bribery to take place.
Our obligation to ensure ethical and legal behavior doesn’t only apply to our own associates – it also
encompasses the activities of our agents, consultants and business partners who’re acting on our behalf.
Our anti-bribery program is in place to ensure that we and our network of partners are fully compliant and
conducting business to the highest ethical standards. The program comprises:
14. 12 Compliance in ADP Streamline - January 2016
3.3 Monitoring & Audit
3.3.1 Financial assessments
As described earlier under the partner selection process (section 3.1.1) financial assessments of our partners
are completed on a regular basis to ensure that our business partners are in sound financial health and that
the continuity of our service to clients is not compromised.
3.3.2 On-site partner audits
Professional auditors carry out on-site audits of our payroll partners, providing us with a direct means of
detecting and, if need be, correcting, any compliance deficiencies.
Auditors periodically evaluate our partners’ practices, processes and policies to ensure compliance with
the three modules of our comprehensive Partner Assurance Program: business governance, payroll process
management and security, IT and data privacy. Partners must meet a minimum compliance maturity level
within each one of these modules.
15. 13Compliance in ADP Streamline - January 2016
Partner Assurance Program - Modules
16. 14 Compliance in ADP Streamline - January 2016
Within the business governance module, auditors will be looking for proof of partners’ Code of Ethics and
Anti-bribery Policy, delivery of employees’ training & development, capacity management, insurance cover.
Assessing how partners manage the payroll process itself, auditors probe partners’ controls in implementing
new ADP Streamline clients, and payroll processing in line with our Service Definition. They will also assess
controls regarding partners’ timeliness in applying local legislative changes that impact payroll data and the
accuracy of partners’ declarations to statutory authorities (such as tax and social security bodies).
Finally, partners must demonstrate the effectiveness of their information security procedures, in terms of
organizational, technical and physical components. These checks are based on selection of relevant controls
from the ISO/IEC 27001:2013 framework.
For additional details on our Partner Assurance Program please ask your ADP Representative.
Remediation plans for real risk reduction
Partners’ senior management teams receive the audit report with agreed action plan assessed against the
required controls defined in our Partner Assurance Program. Over the ensuing months, ADP then follows up
on all open findings to ensure that relevant remediation actions have been implemented, in order to reduce
or eliminate identified weaknesses, improve and align key processes and reduce potential risk.
The MNC Senior Leadership has oversight of all audit results and with periodic reporting, and can use these
insights as a strategic decision tool if required.
17. 4. Our certifications and awards
In 2015, for the fifth year in a row, service auditors Ernst &
Young certified ADP Streamline with the rigorous service control
standard ‘Annual SOC 1 ISAE 3402 Type II (SAS 70)’. This
endorsement of the control integrity of our payroll processing
environment includes an independent assessment of our Partner
Assurance Program, giving you confidence in ADP Streamline as
a trustworthy and secure payroll provider.
Our Partner Assurance Program have also been recognized
by two high-profile US security organizations. Firstly, it was
named as one of the 50 prestigious CSO50 winners in the
2015 awards; an annual event that honors 50 organizations
for security projects and initiatives that demonstrate
outstanding business value and thought leadership.
This accolade was seconded by ISE Northeast, a well-known security organization in the
US, nominated the ADP Partner Assurance Program as being one of the best security
projects delivering value to the business. This award recognizes the information security
executives for demonstrating outstanding leadership in risk management, data asset
protection, regulatory compliance, privacy, and network security.
18. We hope that this document has given you a thorough understanding of the myriad aspects of compliance
within ADP Streamline’s global payroll operations.
For further details on any of the information included here, please contact your Implementation Coordinator
or Service Relationship Manager.
Disclaimer
The information provided in this document is for informational purposes. ADP reserves all proprietary rights
to the information within this document. ADP assumes no responsibility for any technical or operational
inaccuracies or typographical errors that may be contained herein. In no event will ADP be held responsible
for direct, indirect, special, incidental, consequential or any other loss or damage caused by errors, omissions,
misprints or misinterpretation of the information found in this publication.
ADP expressly disclaims any and all liability to any person, in respect of anything done or omitted, and the
consequences if anything done or omitted, by any such person in reliance on the contents of this publication.
The contents published herein are subject to change at any time without notice. Photos and illustrations are
for illustration purpose only.
Nothing here in shall constitute any representation by ADP of any affiliation between ADP and any company
whose names, marks, products or icons are referred to or displayed herein.
About ADP
Employers around the world rely on ADP® (Nasdaq: ADP) for cloud-based solutions and services to help
manage their most important asset – their people. From human resources and payroll to talent management
and benefits administration, ADP brings unmatched depth and expertise in helping clients build a better
workforce. A pioneer in Human Capital Management (HCM) and business process outsourcing, ADP serves
more than 630,000 clients in more than 100 countries. ADP.com
To learn more about how ADP Streamline can help your company transform global payroll and HR, visit
www.adp.com/streamline