Skip to main content Skip to footer site map

Top 10 Regulatory Issues Facing Businesses in 2022

The COVID-19 pandemic has reshaped the regulatory landscape and created uncertainty for businesses, especially around compliance. Paychex has identified 10 regulatory challenges businesses could face in 2022, and how each could impact you.
A pregnant woman who would be eligible for paid leave works on her computer at home.

Update as of 5/18/22: New York City passed an amendment to postpone the effective date of the wage transparency law. See Pay Equity section for details.

As businesses continued working throughout 2021 on reviving their operations or bringing them back to full capacity, it became clear that some of the challenges created by the COVID-19 pandemic — and even the legislation intended to help — would influence their efforts in 2022.

Paychex asked its team of more than 200 in-house compliance experts to compile a list of the 10 most likely regulatory issues that could impact businesses and that employers and HR personnel should prepare for in 2022.

Here are the top 10 regulatory issues identified by Paychex for 2022:

No. 1 Workplace Safety

Litigation, as well as some state Occupational Health and Safety Administrations (OSHA) and Labor departments have created challenges and compliance complexities for businesses beyond the normal requirements for workplace safety.

On Jan. 13, the U.S. Supreme Court ruled to stay the federal OSHA COVID-19 Vaccination and Testing Emergency Temporary Standard (ETS). Businesses with 100 or more employees are no longer required to document COVID-19 vaccinations or test employees. This decision is now pending possible additional litigation in the U.S. Court of Appeals for the Sixth Circuit.

States operating OSHA-approved plans have presented compliance complexities for many businesses beyond the normal requirements for workplace safety. Following the ETS decision, a handful of states opted to take no further action to enforce their state's OSHA programs on vaccinations pending the outcome of future judicial determination. Some states, such as California, Connecticut and Massachusetts, continue to issue executive orders regarding COVID-19 booster shots.

Additionally, the Supreme Court ruled that the Centers for Medicare and Medicaid (CMS) Interim Final Rule (IFR) that requires COVID-19 vaccinations for covered staff in any facilities that participate in CMS programs could proceed. This created a need for CMS to issue a second set of compliance deadline dates to account for the fact that the IFR had been stayed by litigation in 25 states.

Businesses in some states also are navigating other workplace safety measures related to COVID-19. For example:

  • New York and California have mask mandates in place in indoor public places for all individuals (vaccinated and unvaccinated), although some counties in those states are proposing legislation to override the mandate
  • Colorado has left mask mandates up to local jurisdictions

Business owners must also be cognizant of additional laws that the Equal Employment Opportunity Commission (EEOC) enforces regarding the requirement for reasonable accommodation and non-discrimination based on disability and religion.

All of this comes at a time when owners have invested money to adapt their businesses to previous COVID-19 safety regulations that are still visibly apparent — dividers separating employees and customers at a counter, stickers and placards denoting the number of individuals who can sit at a table, remodeled offices and scaled-back restaurant seating in some areas of the country trying to bring employees back to the workplace.

Paychex provides additional details on managing COVID-19 vaccination and testing.

No. 2 Cybersecurity

Cybercriminals, emboldened by numerous successes in 2021, have put businesses of all sizes on high alert for 2022. Cyberattacks have held international industries hostage for significant sums of money and the methods are becoming so much more innovative that small businesses must also be prepared to protect themselves.

With 25% of the workforce in the United States working exclusively from home and 20% working some of the time from home, a total of 45% were working remotely at some point in 2021, according to the U.S. Department of Labor’s Bureau of Labor Statistics data from October 2021. The bureau indicated those numbers have been steady since July 2021. Businesses need to understand how to protect themselves by bolstering their cybersecurity and ensuring those working from home can keep the business protected from phishing, malware, ransomware and data breaches.

A study by Cisco in September 2021 found that 86 percent of organizations surveyed reported having at least one employee connect to a phishing site1.

A federal cybersecurity law does not seem imminent, but federal agencies might propose targeted directives. States, however, are continuing to implement comprehensive regulatory requirements. In 2021, a total of more than 250 bills or resolutions addressing cybersecurity were proposed or considered by all but five states, according to the National Conference on State Legislatures website that tracks legislation. Some of the measures included training and education, mandatory reporting of security breaches and regulating cybersecurity within the insurance industry.

To lower the risk or fallout from a cyberattack, businesses should make sure the vendors they work with have adequate cybersecurity programs and that training is provided to employees that includes education about strong passwords and the handling of customer data. Developing a cybersecurity policy is important, as well as considering the addition of cyber liability insurance that can help limit the damage financially and to the reputation of your business after a cyberattack.

Paychex offers additional resources:

No. 3 — Paid Leave

Paid leave, particularly the legislation passed and workplace policies that were developed during the COVID-19 pandemic, has the potential to have the most-lasting impact on businesses and their employees. COVID-19-related paid family and sick leave legislation that began at the federal level — and has since expired — was passed in a variety of forms by many state and local jurisdictions. At one point during the pandemic, as many as 20 counties and cities in California alone (e.g. Long Beach, Oakland, the city and county of Los Angeles) put paid leave laws on the books.

Many state and local mandates that cover paid sick time, family leave and vaccination leaves are expected to continue into 2022.

There is interest at the federal level for legislation creating more permanent paid family leave, and the U.S. House of Representatives passed the Build Back Better Act with a provision that would guarantee U.S. workers four weeks of paid leave for the following qualified reasons:

  • New parents
  • Their own serious medical condition
  • Need to care for a loved one with a serious medical condition

Note: For the provision to take effect, the bill needs to be passed, as written in the U.S. House of Representatives version, by the U.S. Senate and then signed by the president before becoming law.

At the state and local level, there is a growing trend toward universal paid leave or “paid leave for any reason.” Maine and Nevada already have passed laws including this type of leave.

Keeping track of requirements under applicable laws and how such laws overlap can be complex. Employers should prioritize developing and implementing workplace paid time off policies that comply with applicable leave laws and fit their business needs.

No. 4 — Retirement

In 2020, only 53% of private-industry workers from businesses with 100 or fewer employees had access to a workplace retirement plan, according to the U.S. Department of Labor’s Bureau of Labor Statistics. The government’s passing of the Setting Up Every Community for Retirement Enhancement (SECURE) Act in 2019, which expanded the availability of retirement plans to participants through pooled employer plans (PEP) — effective Jan. 1, 2021 — has helped in this regard and small private-sector businesses are starting to take advantage of the opportunity.

Access to workplace retirement plans for this group saw an uptick to 56% in 2021, with almost 40% of employees participating.

Looking ahead to 2022, there is proposed bipartisan legislation — Securing a Strong Retirement Act and the Retirement Security and Savings Act — that includes provisions such as:

  • Increased and expanded tax credits for small businesses that either start or offer retirement plans
  • Require auto-enrollment in retirement plans for businesses with 10 or more employees
  • An increase in the Required Minimum Distribution (RMD) age that would allow Americans to save longer before being mandated to take money from their retirement accounts
  • Treating student loan repayments as elective deferrals into 401(k) plans in order to allow employers to fund a match

Certain provisions might be introduced as separate bills because larger bills have struggled to gain the necessary votes to pass through both chambers of Congress.

States continue to push retirement plans in the workplace, with 14 states currently having enacted legislation for certain private-sector businesses to offer a state-administered retirement program or implement their own company-sponsored plan.

Most of these plans are established as individual retirement accounts (IRA) with contributions made through payroll deduction. Employers benefit because there is no cost to the businesses while the fees for participating employees, who have the ability to opt out, are low.

Using Oregon — the first state in the nation to establish an auto-enrollment program with OregonSaves — as an example, the number of workers enrolled is near 109,000 with nearly 7,500 employers participating since its inception in 2017.

By 2023, as many as 25 state-sponsored workplace retirement plans could be active in the U.S.

Paychex offers additional resources on retirement plans:

No. 5 — Tax Changes

The topic of taxes is always a top of mind for employers, especially how business decisions related to COVID-19 coupled with the different rules and funding mechanisms each state has might impact state unemployment rates.

Consider the issue around COVID-19 vaccinations. Businesses have lost employees who chose to separate from the company because of COVID-19 vaccination mandates the business was required to implement or that it chose to implement. Generally, when workers voluntarily leave or are terminated for not meeting company rules, they are not entitled to claim unemployment benefits.

However, some states recently have changed their unemployment insurance rules to allow workers to claim unemployment benefits in certain circumstances even if they refused to comply with a vaccination mandate. This approach could significantly impact state UI trust funds and employer tax rates.

Adding to the complexity is the state tax structure for businesses that have adopted work-from-home and hybrid arrangements that include employees living in different jurisdictions than the employer, who will have to comply with the rules of each jurisdiction to fulfill their tax requirements.

The Biden administration also has proposed the IRS be allocated more funding to increase enforcement through enhanced technology and the hiring of more agents. Businesses should be consulting with their accounting and legal advisors to stay on top of these changes and help decrease the likelihood of an audit.

No. 6 — Healthcare Reform

Applicable Large Employers (ALEs) subject to the Affordable Care Act’s Employer Shared Responsibility (ESR) no longer can rely on good faith transition relief from information reporting penalties for furnishing statements or filing returns with inaccurate or incomplete information. The relief, which had been available every tax year since the inception of the ACA in 2015, has been discontinued starting with Tax Year 2021.

The information reporting penalties can be detrimental to a business’ financial situation because they are per statement/return. There are also ESR penalties for failing to offer affordable and adequate health care coverage to full-time employees and their dependents and at least one full-time employee receives a premium tax credit.

There is a potential for greater enforcement with the ending of good faith relief, as well as the possibility of a better-funded IRS to audit businesses should requested funding be allocated for this purpose.

Furnishing and filing returns correctly and in a timely manner could help avoid the risk of costly penalties. A quick example: a Form 1095-C must be furnished and filed for each full-time employee, with a fine of $280 for each failure to furnish and an additional $280 for each failure to file. So, an employer who fails to furnish and file a 1095-C for an employee faces a $560 fine. Failure to do that for 10 of your employees and a business is looking at $5,600 fine; for 50 employees, it is $28,000.

Temporary changes to the Premium Tax Credit might increase the risk of an ESR assessment, while proposed legislative changes, if enacted, to lower the affordability rate related to ESR could impact ALEs. ALEs should consider reviewing the affordability of their health insurance offering and which employees are offered coverage to help assess the risk of ESR penalties.

Paychex offers additional resources that can help businesses:

No. 7 — Pay Equity

The Biden administration issued its National Strategy on Gender Equity and Equality calling for continued accountability and engagement on issues such as pay equity. In 2020, according to the U.S. Department of Labor, women earned only 82.3% annually of the earnings made by men.

Recent legislation at the state and local level has begun to address the pay equity gap. For example, New York City passed a wage disclosure law that was supposed to take effect May 15, 2022. However, a recent amendment postponed the effective date to Nov. 1, 2022. It will require that job postings include a salary range (minimum and maximum), while the amendment stipulates that covered employers will not face financial penalty on their first violation if it is rectified within 30 days.

Several states also have taken steps to help close the gap. Most recently, Washington signed a wage transparency law that takes effect Jan. 1, 2023, requiring employers with 15 or more employees to disclose a wage scale or salary range for each job posting. Employers must also provide a general description of all benefits and other compensation offered to applicants, as well as provide salary ranges upon request to internal applicants for new positions and/or promotions.

There have been salary history bans (which prohibit employers from asking applicants about their current or past salaries) and wage disclosure laws designed to highlight and mitigate gender and other types of discrimination based on pay. Although similar, there are important differences between these laws. See below for a list of general provisions found in additional state laws:

  • California (since Jan. 1, 2018): Applicants can request a salary or hourly range after interviewing for the position.
  • Colorado (since Jan. 1, 2021): Employers must include hourly rate or salary as part of the job posting.
  • Connecticut (since Oct. 1, 2021): Employers must provide the wage range of the position to applicants, the earlier of either the applicant’s request or prior to an offer of compensation. The wage range must also be provided to employees under specific circumstances.
  • Maryland (since Oct. 1, 2020): Wage range must be provided to applicants upon request, after application.
  • Nevada (since Oct. 1, 2020): An applicant can request a wage or salary range after completion of an interview, whereas a current employee can request this information after applying, interviewing or receiving an offer for promotion or transfer.
  • Rhode Island (effective Jan. 1, 2023): Applicants can request a wage range for an open position. Employers must also provide current employees with the wage range for new positions during a transfer (even if not requested) at the time of hire and during employment upon the employee's request.

In some jurisdictions, there are specified penalties for noncompliance, including civil penalties between $500 and $10,000 per violation in Colorado, and up to $5,000 in Nevada. In other jurisdictions, a private right to action exists which might result in compensatory damages.

Additional legislative action is expected, so businesses should stay on top of any developments. Employers should also consult with their legal counsel to ensure that their compensation packages, hiring practices and retention efforts support pay equity and remain compliant.

Paychex offers additional resources that can help:

No. 8 — Worker Classification

The U.S. Department of Labor recently withdrew the prior administration’s final rule designed to simplify the classification of workers as independent contractors, leaving open the possibility that the agency might be looking to propose a new rule. Such a rule could expand the number of workers considered to be employees under the Fair Labor Standards Act, so employers need to monitor legislative developments and court challenges, including those involving the classification of certain app-based workers. Lawsuits and state-level ballot initiatives addressing worker classification in this area is expected.

Businesses will continue to be challenged in their efforts to comply with multiple laws and agency guidance when determining worker status, applying wage and hour and tax laws or eligibility for fringe benefits, not to mention the risk of penalties for worker misclassification.

No. 9 — Employee Privacy

Very few things have impacted privacy issues as the COVID-19 pandemic, particularly workplace screening measures related to vaccination and/or testing for the virus. Employers had to implement policies, quickly in some instances, in reaction to COVID-19 vaccination mandates while balancing the needs of the business against employee privacy expectations relating to the use of the personal information.

With the stay issued by the U.S. Supreme Court of the OSHA Emergency Temporary Standard, large employers are not required to comply with the requirements. This decision is now pending additional litigation in the U.S. Court of Appeals for the Sixth Circuit. However, the Centers for Medicare and Medicaid vaccination mandate for covered staff at facilities that participate in CMS programs is allowed to proceed. This is a good time for impacted employers to review and potentially update their privacy policies. It is crucial that these policies adhere to federal and state laws and are clear and transparent about the collection, use and storage of information obtained during screening.

For example, businesses in California have to be aware of the CA Consumer Privacy (CCPA) Act that grants individuals more control over their personal information that employers collect: providing opt-out from the selling of information, the right to delete certain information collected and a right to be notified at the point of data collection.

Technology solutions developed to help employers with COVID-19 screening measures also come with privacy concerns businesses must address. Several states have enacted biometric data privacy laws — Illinois, Texas, Washington, Arizona are just a few — while the New York Privacy Act of 2021 requires private employers provide, upon hire to employees, written notice of any electronic monitoring that might occur regarding the employee (phone calls, Internet access on any electronic device and emails). The California law restricts an employer from tracking an employee’s location without employee consent. Other U.S. localities have banned facial recognition technology in the government.

There is much businesses must consider when developing and/or updating their privacy policies, so consult with legal counsel to ensure all applicable laws of your state have been taken into account.

No. 10 — Cannabis in the Workplace

Although cannabis remains an illegal drug under federal law, states and local jurisdictions continue to propose and pass legislation that addresses decriminalization of marijuana, recognition of medical marijuana use and legalization of recreational marijuana.

Recreational marijuana use is legal in 19 states and the District of Columbia after New York, Virginia, Connecticut and New Mexico passed laws in 2021.

Businesses should consider how this will impact risk mitigation strategies, including adaptations to accommodate use of medical marijuana, and changes to existing parameters of drug testing programs.

Paychex is Here to Help

With potential privacy issues developing from screening policies around COVID-19 vaccination and testing, along with possible legislation impacting retirement, businesses should be preparing for another year of fast-paced regulatory change. To help you stay up-to-date, visit our interactive state-by-state tool, our Coronavirus Help Center and our Paychex Knowledge Center. You can also subscribe to our newsletter to get the latest COVID-19 information delivered right to your inbox.

This article was originally published Jan. 20, 2022.

1 Cyber Security Threat Trends report, Cisco, September 2021

*This content is for educational purposes only, is not intended to provide specific legal advice, and should not be used as a substitute for the legal advice of a qualified attorney or other professional. The information may not reflect the most current legal developments, may be changed without notice and is not guaranteed to be complete, correct, or up-to-date.

We can help you tackle business challenges like these Contact us today

* This content is for educational purposes only, is not intended to provide specific legal advice, and should not be used as a substitute for the legal advice of a qualified attorney or other professional. The information may not reflect the most current legal developments, may be changed without notice and is not guaranteed to be complete, correct, or up-to-date.