For electronic I-9 users, questions have swirled around what exactly are you required to produce within 72-hours in the event of a government audit, and what standards will ICE use to evaluate I-9 software?
Do you print out all your I-9 forms? Will ICE agents conduct the audit on your I-9 electronic system without printouts? Will your system pass the ICE test? For the answers to these questions, employers have been entirely at the mercy of the particular ICE agent conducting the audit investigation.
On July 22, 2010, the Department of Homeland Security (DHS) published a final rule relating to signatures and storage of electronic Form I-9’s that went into effect August 23, 2010 (see our previous post). However, we have all been waiting on regulations concerning this very topic, particularly in light of the huge uptick in ICE I-9 audits in the last few years creating a very uncertain climate for employers, as well as recent changes to E-Verify, and concerns over very severe consequences for non-compliance.
The new Memorandum provides guidance to Homeland Security Investigative (HSI) Agents and field offices, effective August 23, 2012, concerning how to evaluate electronically generated and stored I-9 records during an audit and the minimum standards for electronic audit trail requirements for use in establishing civil fines.
Let’s summarize what ICE agents will expect from employers who are using an electronic I-9 system at the onset of an investigative audit:
1) Audit Trails: Whenever an electronic I-9 form is created, completed, updated, modified, altered or corrected – a secure and permanent record must be created (audit trail) that establishes the date accessed, who accessed it and what action was taken.
2) Software Provider Information: Upon service of an NOI (Notice of Inspection), special agents or auditors will request the name of the software product being utilized and any internal business practices and protocols related to the generation of, use of, storage of, security of and inspection and quality assurance programs for the electronically generated I-9 Form.
3) Indexing System: The employer will also be asked to provide the indexing system identifying how the electronic information contained in the I-9 form is linked to each employee and documentation of the system used to capture the electronic signature, including the identity and attestation of the individual electronically signing the form.
4) Auditors will Request at least one printed, completed I-9 form to ensure compliance with the regulation. Your system should permit you to download a PDF version of the I-9 form that syncs up with the required information on the actual fields of the I-9 form.
5) Lastly, auditors will request access to the system for a demonstration of the generation of an electronic I-9 form.
Once it’s determined by the agents that the audit trails are in compliance, the auditors will be referring to the flow chart attached to the Memorandum (see link at the end of the post) and audit trail that illustrates the minimum acceptable standards (know that the auditors can request to see additional system data and documentation) of electronically generated I-9 forms.
We recommend that you discuss this Memorandum very specifically with your HR department, your I-9 electronic vendor to ensure that they comply with the regulations, and that you update your standard operating procedures to reflect compliance with these new regulations. We link to the Memorandum here
Please refer to our list of compliance services and solutions as well as our Employer Resource Center at www.I-9Audits.com If you are a member of LinkedIn, you might wish to check out our I-9/E-Verify: Smart Solutions for Employers group.
Should you wish to consult with us, email info@immigrationcompliancegroup.com or call to speak with one of our immigration professionals 562 612.3996.