Skip to main content

Third Party Information Technology Sourcing May Create Unidentified Risks for Employers, Global Corporations

All employers that use third-party information technology sourcing entities may be sitting on unidentified risk. One of the world’s largest technology outsourcing companies, Infosys Corp., was fined a record $34 million for immigration-related violations last fall. This settlement represents the high-tide mark for corporate immigration enforcement; and, federal law enforcement officials indicate further investigations will occur.

Any employer who isn't assessing risk and financial exposure immediately with respect to third-party vendors working on-site is sitting on a ticking time bomb. The potential results include taxes, employment-related litigation and immigration liabilities as well as negative publicity that could adversely affect company stock prices. With government agencies focused on increasing enforcement actions following the Infosys settlement, employers everywhere should ensure they have implemented comprehensive third-party sourcing compliance plans that address employment and immigration concerns.

The Infosys settlement raises the benchmark for corporate immigration compliance and is a significant warning for companies with third-party information technology employees working on-site. As companies outsource technology functions with increasing frequency to reduce costs, employers should ensure that appropriate corporate safeguards are in place for third-party sourcing entities and their staff members to avoid challenges of co-employment as well as corporate liability for third-party actions.

The increased scrutiny of companies’ relationships with service providers and a broad range of third-party sourcing entities, in terms of size and geographic location, are creating significant risks for companies, which, in many cases, remain unidentified. This issue is compounded further when third-party entities rely on fourth- and fifth-party providers to satisfy the terms of master services agreements, creating challenging supply chain concerns that in turn can breed operational and transactional liability for companies. Unfortunately, when outsourcing companies outsource work to other companies, they are not engaging in risk management but profit maximization, which does not bode well for companies using their services.

It is commonplace for companies, even those with well-drafted agreements in place, to unwittingly become co-employers of third-party information technology sourcing staff members by virtue of the day-to-day interactions of company employees with third-party sourcing entities and their staff members. Government agencies, including U.S. Citizenship and Immigration Services (USCIS), the U.S. Equal Employment Opportunity Commission and U.S. Department of Labor, are increasingly sensitive to possible co-employer relationships and noncompliance with employment and immigration laws.

For example, in January 2010, USCIS issued a guidance memorandum, the Neufeld Memo, to its adjudication officers on how to determine employer-employee relationships, with a specific emphasis on third-party worksites. USCIS concluded that, in many cases, the requisite employer-employee relationship is not met and/or maintained when employees are placed at third-party worksites, implying that the end-client companies are the true employers because they had the right to control and direct the work of such employees (i.e., controlling when, where and how information technology sourcing employees perform assignments).

Since the issuance of the Neufeld Memo, randomized employer site visits by USCIS have increased dramatically — there were more than 17,000 in 2011 and 26,000 in 2012, and 2013's numbers are expected to be high also — and one of the core areas of investigation is whether the requisite employer/employee relationship exists. USCIS conducted 28,000 administrative fraud investigations in 2012, 80 percent of which were triggered by randomized USCIS site visits.

Co-employer relationships are established when day-to-day control, supervision, guidance and direction of third-party employees is effectively relinquished by the third-party sourcing entities and handled by employees of the end-client companies. Co-employer relationships can be established if the end client companies engage in activities such as providing training to the sourcing entities’ staff members, setting the work hours, pay and/or daily responsibilities for the sourcing entities’ staff members or reserving the right to remove the sourcing entities’ employees from the worksites due to poor performance. In essence, the more control and supervision the end client companies have over the sourcing entity’s staff, the more likely a finding of co-employment will be made.

Co-employer relationships can be devastating when compliance challenges occur. This may include liability under wage and hour, employment discrimination, tax and immigration laws. For instance, both the end-client companies and the third-party sourcing entities can be found liable for the actions of employees of the third-party sourcing entities if they create hostile work environments. In the immigration context, the end-client company can be held liable if the third-party sourcing entities employ foreign workers who lack employment authorization.

Co-employment can also be a potential access point for class action exposure under the Fair Labor Standards Act, tying the wrongdoing by small, third-party sourcing entities to large, multijurisdictional end-client companies. This reality is amplified by the Infosys settlement, particularly when considering Infosys employees’ alleged activities and the federal government’s claims.

Significantly, David Marwell, a special agent in charge of U.S. Department of Homeland Security's investigations in Dallas, stated in a U.S. Department of Justice press release on Oct. 30, 2013, “The investigation indicated that Infosys manipulated the visa process and circumvented the requirements, limitations and governmental oversight of the visa programs. The investigation also showed that more than 80 percent of Infosys’ I-9 forms for 2010 and 2011 contained substantive violations.” Co-employer liability for this activity and the resulting $34 million settlement would be devastating for any employer.

In response to these challenging developments, employers should consider the following five points:

  • Review all contracts with third-party sourcing entities and ensure compliance with the Immigration Reform and Control Act of 1986. Require vendors to guarantee that they will never allow individuals with a B-1 visa status to perform services in connection with the contracts. Make sure that clear guidelines for control of vendor employees are specified. With the Labor Department’s increased focus on independent contractor status, employers may want to insert indemnification language into contracts with third-party entities requiring the appropriate use of independent contractors if sent on-site.
  • Communicate with and train all managers who oversee projects staffed by contractors to ensure managers understand what interactions with vendor employees are permissible with respect to avoiding co-employer liability. For instance, training sessions, social functions and “all-staff” meetings that include employees of both the end-client companies and the third-party sourcing entities could be evidence of co-employer relationships and thus should be avoided.
  • Require review by designated employees rather than individual managers on all requests by employees of third-party sourcing entities for immigration-related information or assistance, such as internal posting notices, business invitation letters and employment verification letters for work conducted at client worksites.
  • Require third-party sourcing entities to apply the same standards of compliance to all outsourcing entities they subcontract work from.
  • Only conduct business with third-party service providers that are enrolled in the E-Verify program.