HR compliance has a lot of moving pieces, and in my experience, they don’t all live in one simple place. They show up across payroll, policies, hiring practices, and even the tools your team is using day to day.
When something gets missed, it’s usually because it lived somewhere you weren’t looking. Nothing feels obviously wrong until it surfaces later, and by then, it’s already a problem. One SC&H client discovered $220K+ in penalties hiding in plain sight. Here’s how that happened.
These are the most common areas where I see gaps:
- Multi-state payroll and tax setup: Are all required state and local registrations completed for every employee location?
- Worker classification: Are employees and contractors classified correctly based on how they actually work?
- Leave policies and job posting requirements: Do your policies reflect current laws in every state where your employees live and work?
- I-9 documentation and recordkeeping: Are forms complete, accurate, and stored properly?
- Employee data and AI usage: Are you protecting sensitive data and reviewing AI-generated content before using it?
Without ongoing oversight, these gaps can turn into major issues like regulatory fines or audit exposure. Let’s walk through what each of these actually requires and how to check where your organization stands.
1. Audit your multi-state payroll and tax setup
I’ve seen this play out the same way across a lot of organizations. You find the right person, they happen to live in another state, and you move forward in the hiring process. You get them set up on payroll, and it feels like everything is covered.
But hiring in a new state comes with its own registration requirements, and they don’t kick off automatically just because you ran the first payroll.
Each state (and some cities) has its own requirements, including payroll taxes, unemployment insurance, and, increasingly, programs like paid family leave or disability coverage.
One of the biggest misconceptions is assuming your payroll provider is handling all of this on your behalf. In most cases, the responsibility still sits with you, the employer.
| What to look for | Quick checks you can run |
| Employees working in states where you’ve never registered | List every state and city where employees live and work |
| Payroll running without corresponding state tax accounts | Compare that list to where your business is currently registered |
| Missing registrations for state-specific programs | Confirm all required accounts are active, not just payroll tax |
Why this matters
Many organizations don’t realize there’s a problem until they receive a notice or are asked to provide documentation they don’t have.
Missing a state registration, running payroll without the right tax accounts, or overlooking required state programs can lead to back taxes, penalties, and interest that add up quickly.
2. Review your worker classifications
Another area that tends to drift over time is how your workforce is classified.
It’s common to hire contractors as a way to keep things flexible as the business grows. But classification isn’t based on what’s easiest for your operations. It’s based on how the work is performed.
The IRS and most state agencies look at factors like whether you control when and how someone works, whether they use your equipment, and whether the relationship is ongoing. A contractor working set hours, following your internal processes, and who has been with you for two years is likely functioning as an employee, regardless of what their contract says.
Roles also evolve over time, and if classifications haven’t been revisited, you may have exposure you’re not aware of.
| What to look for | Quick checks you can run |
| Contractors working fixed schedules or under direct supervision | Review what work is actually being done day-to-day |
| Long-term contractors functioning like employees | Compare roles against IRS and state guidelines |
| Roles that have changed, but classifications haven’t | Revisit any roles that have evolved over time |
Why this matters
Misclassification of employees can affect payroll, tax obligations, and compliance simultaneously. It’s rarely intentional, but it can create exposure for the business if left unaddressed.
It’s important to know that federal and state standards don’t always align. Some states use stricter tests than the IRS, so a classification that holds up federally may still create problems at the state level. If your workforce spans across multiple states, this is something to keep front of mind.
3. Check leave policies and job posting requirements
This is an area where compliance starts to feel less straightforward, especially for CEOs, CFOs, and others without an HR background. Laws are shifting quickly, and what was optional last year may be required today.
Different states and cities have unique rules regarding how employees are paid, what leave they’re entitled to, and what must be disclosed during the hiring process.
That includes things like:
- Paid leave requirements
- Salary transparency laws
- Employee protections tied to location
If your team is spread across multiple states, your policies and job postings need to reflect those specific requirements.
| What to look for | Quick checks you can run |
| Policies that haven’t been reviewed recently | Map employee locations against applicable laws |
| Employees in states with laws not reflected in your handbook | Review your handbook for gaps or outdated language |
| Job postings missing required disclosures like salary ranges | Audit recent job postings for compliance requirements |
Why this matters
Missing a required salary disclosure can disqualify a job posting. An outdated leave policy can trigger a complaint or a claim. Most organizations don’t find out until something forces a closer look, like a new hire, a complaint, or a policy question that can’t be exactly answered. For teams in multiple states, that risk is even harder to see coming.
4. Verify your I-9 documentation and recordkeeping
Every employer is required to verify employment eligibility through I-9 forms. It’s a standard part of hiring, but it’s also one of the easiest processes to get wrong.
I often see forms that were started but aren’t fully completed, are missing signatures, or include documents stored in ways that wouldn’t hold up in an audit.
| What to look for | Quick checks you can run |
| Missing or partially completed forms | Audit a sample of employee I-9 forms |
| Delays in completion timelines | Confirm forms are completed within required timeframes |
| Inconsistent storage practices | Ensure documents are stored securely and can be easily accessed if needed |
Why this matters
Issues here tend to stay hidden until there’s an audit or review. At that point, even small inconsistencies can become larger concerns.
The risk here isn’t just the paperwork. Fines for I-9 violations are assessed on a per-form basis, so what looks like a minor recordkeeping issue can add up to a substantial penalty depending on how many files are affected. E-Verify can assist with the I-9 process, but it does not replace the requirement to complete the I-9 form itself, a distinction many employers miss.
5. Establish clear guidelines for employee data and AI usage
AI is becoming increasingly common in HR workflows. Teams are using it to draft job descriptions, build policies, and answer employee questions. If you’re exploring how to use AI more broadly across your business, this guide is a helpful place to start.
AI can save time and improve efficiency when used well. But when it comes to HR, there’s an added layer to consider.
| What to look for | Quick checks you can run |
| Sensitive employee data entered into public AI tools | Define which AI tools are approved for internal use |
| AI-generated content used without review | Require human review before content is finalized |
| No clear internal guidance around usage | Set clear boundaries around what data can be entered into AI tools |
Why this matters
AI can help you move faster, but it doesn’t account for your specific policies, your workforce, or the regulations that apply to your business. This is a rapidly changing area with emerging state-level hiring laws that restrict how AI can be used in screening and performance decisions. Remember, AI can work best as a starting point, not a final answer.
Know where you stand and what to do next
At a certain point, this becomes less about keeping up and more about having confidence in what’s already in place.
That’s where many organizations start to look for support. Not to hand off decisions, but to:
- Validate that everything is set up correctly
- Identify gaps before they turn into issues
- Keep pace with changes that are easy to miss internally
Your role is to keep the business moving forward, and HR compliance shouldn’t be something you have to second-guess in the background. If something feels unclear, outdated, or just hasn’t been looked at in a while, that’s usually worth taking a closer look. Sometimes that means tightening up internal processes. Sometimes it means partnering with a professional to get a second set of eyes on things.
When you know where things stand, you can focus your time where it matters most and bring in the right support where it doesn’t. Have questions about your company’s HR? The SC&H experts are here to help. Talk with our team today.
