Federal regulatory and enforcement agencies are applying increased immigration scrutiny to the relationships between large corporations and their key service providers. The scrutiny is highest with respect to vendors of IT services to large corporations – particularly when the vendor is headquartered abroad or relies substantially on foreign nationals to execute critical aspects of its contract. This article describes three risk areas related to this common corporate practice and suggests ways to mitigate that risk.OutsourcingOutsourcing of IT application development and maintenance functions has been a routine corporate efficiency strategy since the 1990s. For some reason, it has just become front page news. Members of Congress from both parties have called on various executive branch agencies, including the departments of Justice, Labor and Homeland Security, to investigate the legality of IT outsourcing transactions. Press scrutiny of IT outsourcing transactions has come from both mainstream papers, like The New York Times, and from industry publications, such as Computerworld. Congress has held hearings with numerous witnesses – and committee members – alleging that IT outsourcing companies and their end user clients have abused the H-1B visa category in order to accomplish the outsourcing transaction’s objectives. Labor unions and affiliated organizations, such as the Washington Alliance of Technology Workers, have filed litigation to challenge aspects of government programs that they say facilitate the transactions, and they are rumored to encourage private plaintiffs to sue individually. All of these interests communicate with one another. In order to reduce the risk of government investigations and private litigation, and to combat negative media scrutiny, companies that are contemplating outsourcing or modifying a prior transaction should pay attention to the record they are creating by the following transaction documents.RFP to acquire the services of an IT vendor: What is the stated purpose of the transaction? What are its key features? A template RFP document drafted by the procurement department could read quite poorly to a DOJ lawyer. An accurate but strategically drafted RFP, on the other hand, could put an early stop to prolonged government scrutiny.
 Vendor selection factors: On what criteria were the competing bidders assessed and chosen? Is labor cost reduction a determining factor? If so, then government investigators and plaintiff lawyers will salivate. Most corporate vendor selection decisions are infinitely more complex than just cutting labor costs – the written record should reflect this complexity.
 Master services agreement (MSA): On what general terms are the services of the IT vendor acquired? Is the corporate end user purchasing a service to be developed and provided by another company? If so, then the MSA should not read as if the company is simply acquiring contract labor.
 Statement of work (SOW): The nuts and bolts of acquiring managed IT services are usually set forth in a series of SOWs. In the numerous investigations that we have handled, we have seen countless instances of industry jargon that could create legal liability and language drafted by business units that contradicts helpful language in the MSA. Existing SOWs should be scrubbed for these flaws, and new SOWs should be subject to some level of oversight by corporate counsel.
 Will the outsourcing transaction result in a layoff of corporate employees? If so, then media and government scrutiny are likely. There are steps to take to minimize the risk posed by this aspect of an IT reorganization. Is knowledge transfer a part of the transaction? This is a particularly sensitive public policy issue. It is critical to structure and document this process carefully. In short, it is difficult to be too cautious when IT reorganizations impact legacy corporate employees. Vendor Compliance Program​​Government enforcement agencies are ramping up scrutiny of the placement of vendor employees at worksites of corporate end users. This scrutiny often starts at the airport. Increasingly, we see immigration-related investigations by enforcement agencies emanating from detailed examinations of U.S. Customs and Border Protection’s refusal to admit vendor employees at ports of entry if they have not provided information comporting with the terms of their nonimmigrant visa. When large numbers of port-of-entry refusals have been detected for a particular company, subpoenas have been issued to examine the vendor management practices of the corporate end user.What are the government agencies looking for? One example appears to be noncompliance with the L-1B Visa Reform Act, which prohibits corporate end users from managing the L-1B employees of their vendors. Revocation of some or all of a vendor’s L-1B visas could cripple key corporate functions, such as IT testing and maintenance. Management of vendor H-1B employees by corporate end users, under policies in place at U.S. Citizenship and Immigration Services (USCIS), can likewise, in certain circumstances, disqualify the foreign national from visa eligibility. This situation is also dangerous because it could imply joint employment and allow enforcement agencies to impose responsibility for any vendor’s H-1B noncompliance on the corporate end user. And what company, no matter how carefully compliant, wants a close examination of the documents related to its interactions with its vendors of IT or similar functions? Finally, enforcement agencies remain vigilant for vendor misuse of B-1 visas when a work visa, like an H-1B or L-1B, is required instead. This is arguably old news since at least 2009, when Infosys settled a criminal investigation into its alleged misuse of B-1 visas for $34 million. In our compliance and enforcement defense work, however, we still see sloppy use of B-1 visas that creates exposure for some companies. Understanding the limitations of B-1 visas remains a concern, particularly if an enforcement agency will seek to impute knowledge of a vendor’s alleged B-1 misuse to the corporate end user. This area of risk therefore points to the critical need for corporate end users to have effective compliance programs for their key vendors’ immigration practices. An effective compliance program’s functional parameters are informed by the United States Sentencing Commission’s guidelines for an effective compliance and ethics program. Companies implementing such programs should consult with experts in how to apply these compliance principles to the immigration risks generated from vendor relationships. We understand that some government enforcement agencies are exploring creative theories of corporate end user liability under federal civil and criminal fraud statutes. The stakes are thus not limited to administrative immigration penalties or disruption of a vendor’s contract responsibilities. Actual legal risk to the corporation is also a potential outcome. Joint Employment​A final area of enhanced immigration risk is a trend by government enforcement agencies to allege that a joint employment relationship exists between a vendor and its corporate customer. The consequences of an agency proving such a relationship are that the corporate end user could be liable for any immigration misconduct of a vendor. This risk is not insignificant, given the fact that many vendors (particularly those in the IT field) use significant numbers of foreign nationals to execute aspects of their contracts. A joint employment theory could allow Immigration and Customs Enforcement, for example, to hold a corporate customer liable for its vendor’s I-9 compliance failure, or could allow the DOJ’s Office of Special Counsel for Immigration-Related Unfair Employment Practices (OSC) to incorporate a vendor’s workforce into its theories of discriminatory conduct by a corporate end user.Most immigration and anti-discrimination agencies (for example, the Equal Employment Opportunity Commission, USCIS and OSC) are subject to the common law test for assessing whether joint employment exists. That test is well-understood, is supported by ample federal court case law applicable to many federal agencies and requires a number of objective factors to be satisfied before joint employment can be established. Not every government agency understands or applies the test faithfully, but legal recourse is available if the agency does not. This administration, however, has shown its willingness to depart from the common law test in search of a standard that is friendlier to agencies seeking to establish joint employment. The most famous example is the recent decision by the National Labor Relations Board (NLRB) in Browning-Ferris Industries of California Inc., Case 32-RC-109684 (Aug. 27, 2015), in which the board rejected the common law requirement that “reserved or indirect control” must actually be exercised for joint employment to be established. The board concluded instead that a corporate end user’s theoretical contractual right to exercise control alone could be enough to establish joint employment, even if such theoretical control had not been exercised or had only been exercised in a limited manner. By using this broadened standard, the board commenced actions against major chain restaurants, arguing that they were liable for the labor practices of their independent franchisees. These NLRB enforcement actions are currently being challenged, but they signal a clear trend to expand joint employment principles.In this light, is it difficult to image this or a future administration attempting to extend the NLRB’s theory of joint employment to other agencies? Not at all. And what would happen if the immigration or anti-discrimination agencies advanced a similar theory of joint employment? Even if we resist the temptation to advance a parade of horribles, it is safe to say that the risk to corporate customers of being charged with liability for the employment and immigration practices of their vendors would increase substantially if the NLRB’s definition of joint employment were utilized by federal immigration agencies. Finally, it is important to recognize a tension between effective vendor compliance programs and avoiding joint employment claims. A generally effective corporate compliance program will “exercise due diligence to prevent and detect criminal conduct.” U.S. Sentencing Commission, Federal Sentencing Guidelines, § 8B2.1(a). Due diligence requires that “the organization shall periodically assess the risk of criminal conduct” and take steps to update its compliance program to reduce the risk of such conduct. Id. at §8B2.1(c). The vendor compliance program therefore requires corporate end users to set standards and, at appropriate junctures, to inquire into the vendor’s immigration programs. But does such due diligence require, for example, that a corporate customer require its vendors to regularly provide copies of the I-9 Employment Eligibility Verification forms of their employees? Absent compelling factual circumstances, the answer is no – or else the potential for joint employment liability could be enhanced. Corporate users of vendors must therefore take into account both the steps necessary to ensure that their vendor compliance programs are effective under the sentencing guidelines and to avoid creating documents or taking such rigorous vendor oversight actions that a federal agency could argue that the corporate customer is effectively the joint employer of the vendor’s employees.It is an economic fact of life that large corporations use specialty companies to execute portions of the corporation’s routine business functions so that the corporation can focus on its areas of expertise. These well-established corporate management techniques have come under scrutiny recently by Congress and by federal immigration agencies, however, and that trend is likely to continue. The risks of the scrutiny described in this article are tangible, but they are also manageable. This article was intended to set forth some parameters for managing these new risks so that corporate end users of vendors have an agenda for further consideration. Bo Cooper, a partner in the firm’s Washington, DC, office, leads the Government Strategies and Compliance group. Carl W. Hampe, a partner in Fragomen’s Washington, D.C., office, focuses on immigration litigation, compliance counseling and enforcement defense. The authors can be reached at bcooper@fragomen.com or champe@fragomen.com with questions about the article.