Most business owners enter PEO relationships focused on benefits and payroll efficiency—not regulatory exposure. That’s understandable. But the co-employment model creates a unique compliance landscape where enforcement actions can hit from multiple directions.
Your PEO might handle day-to-day HR administration, but when regulators come knocking, they often knock on both doors.
This isn’t about fear-mongering. It’s about understanding where the real risks live so you can evaluate PEO partnerships with clear eyes and ask the right questions before signing.
The enforcement risks covered here aren’t theoretical. They’re the scenarios that catch businesses off guard because the liability lines in co-employment aren’t always where you’d expect them to be.
1. Joint Employer Liability Under Federal Wage and Hour Laws
The Challenge It Solves
Under the Fair Labor Standards Act, the Department of Labor doesn’t recognize co-employment as a shield from wage and hour violations. They apply a joint employer analysis that looks at economic dependence and control factors.
Both the PEO and the client company can be held liable for violations like misclassification, overtime failures, or minimum wage issues. The DOL’s position is straightforward: if both entities benefit from the employment relationship and exercise control, both can be responsible.
This becomes a problem when business owners assume the PEO’s involvement transfers all compliance responsibility. It doesn’t.
The Strategy Explained
The way to manage this risk is through clear documentation of who controls what and regular verification that wage and hour practices actually comply with FLSA standards.
Your PEO may process payroll, but you typically control work schedules, job duties, and classification decisions. Those are the areas where violations most often occur.
If a DOL investigation finds exempt employees misclassified or overtime improperly calculated, the fact that your PEO handled payroll processing won’t insulate you from liability. The investigator will look at who made the classification decision and who benefited from the work performed.
Joint liability means both parties can be pursued for back wages and penalties. In practice, the DOL often goes after whoever has deeper pockets or better documentation. Understanding PEO contract liability risks before signing can help you negotiate better protections.
Implementation Steps
1. Document in writing which party is responsible for employee classification decisions, and require PEO sign-off on any exempt classifications you propose.
2. Conduct annual wage and hour audits independent of your PEO’s processes, focusing on classification accuracy and overtime calculation for non-exempt employees.
3. Require your PEO to provide written confirmation that their payroll system correctly applies FLSA overtime rules, including proper calculation of the regular rate for employees with shift differentials or bonuses.
Pro Tips
Get a clear written statement from your PEO about how they handle classification questions and whether they’ll flag potential misclassification risks. Some PEOs will process whatever you tell them to process. Others actively review classifications and push back when something looks wrong.
You want the latter. That pushback is valuable.
2. State-Level Workers’ Compensation Audit Exposure
The Challenge It Solves
Workers’ compensation is where the co-employment model gets messy at the state level. Some states fully recognize PEO arrangements for workers’ comp purposes. Others don’t, or only partially do.
State auditors can pursue client companies directly for premium adjustments, classification disputes, or coverage gaps—even when the PEO is supposed to be handling workers’ comp.
The risk intensifies when employee classifications change or when state auditors disagree with how the PEO classified certain roles. If the PEO used a lower-risk classification code than the auditor believes is appropriate, the premium adjustment and penalties can land on your business.
The Strategy Explained
Workers’ comp exposure in a PEO relationship comes down to three areas: classification accuracy, state-specific recognition of the PEO arrangement, and what happens if the PEO’s coverage lapses or is disputed.
In states that don’t fully recognize PEO co-employment for workers’ comp, you may be required to maintain your own policy or be treated as uninsured during an audit. That’s a compliance violation that carries serious penalties.
Even in states that do recognize PEO arrangements, auditors can challenge employee classifications. If your workforce includes roles that don’t fit neatly into standard classification codes, expect scrutiny.
The PEO’s workers’ comp carrier will conduct periodic audits. Those audits can result in significant premium adjustments if actual payroll or classifications differ from what was initially reported. Learning how PEO workers’ comp premiums are calculated helps you anticipate these adjustments.
Implementation Steps
1. Verify that your PEO is properly licensed and recognized for workers’ comp purposes in every state where you have employees, and get written confirmation annually.
2. Review the classification codes your PEO is using for each role, and confirm they match the actual work being performed—not just the job title.
3. Require your PEO to provide you with copies of all workers’ comp audit reports and premium adjustments, and build a process for disputing classifications you believe are incorrect before accepting the adjustment.
Pro Tips
Ask your PEO how they handle classification disputes with their workers’ comp carrier. Some will fight on your behalf. Others will simply pass through whatever adjustment the carrier demands.
If you operate in multiple states, pay special attention to states like California, New York, and Massachusetts, where PEO workers’ comp arrangements face additional regulatory scrutiny.
3. OSHA Enforcement and the ‘Control’ Question
The Challenge It Solves
OSHA’s multi-employer worksite policy assigns citations based on who controls the worksite and the conditions that led to the violation. In most PEO arrangements, that’s you—not the PEO.
The PEO may provide safety training materials or help you develop written programs, but you control the physical workspace, equipment, and day-to-day safety practices.
When OSHA shows up after an injury or complaint, they’re going to look at who had the authority to correct hazards and who directed the work. That’s almost always the client company.
The Strategy Explained
OSHA liability in a PEO relationship doesn’t transfer just because the PEO is the employer of record for payroll purposes. The agency applies a functional analysis of control.
If you control the workspace, provide the tools and equipment, and direct how work is performed, you’re the employer for OSHA purposes. The PEO’s involvement in benefits administration or HR paperwork doesn’t change that.
This surprises business owners who assume co-employment means shared OSHA responsibility. It doesn’t. In practice, OSHA will cite whoever had the ability to prevent the violation.
The risk is compounded when businesses rely on PEO-provided safety programs without actually implementing them or when they assume the PEO’s insurance will cover OSHA penalties. Most PEO insurance policies don’t. Understanding what PEO HR compliance protection actually covers helps set realistic expectations.
Implementation Steps
1. Clarify in your PEO agreement that workplace safety compliance remains your responsibility, and document what safety resources the PEO will provide versus what you must implement independently.
2. Conduct regular safety audits using either internal resources or third-party consultants—don’t rely solely on PEO-provided checklists that may not be tailored to your specific operations.
3. Implement a system for documenting safety training, hazard corrections, and equipment inspections that you control directly, not just records the PEO maintains.
Pro Tips
If your PEO offers safety consulting or on-site assessments, use them—but verify that recommendations are actually implemented and documented. OSHA doesn’t care that you had a safety program on paper if it wasn’t being followed.
After any workplace injury, document your investigation and corrective actions immediately. OSHA inspections often follow serious injuries, and your response timeline matters.
4. Tax Deposit Failures and IRS Collection Actions
The Challenge It Solves
Employment tax liability is one area where the IRS has created a specific protection mechanism through the Certified Professional Employer Organization program, established under the Tax Increase Prevention Act of 2014.
If your PEO is a CPEO, they assume sole liability for federal employment taxes. If they’re not certified, you remain jointly liable—even if the PEO was supposed to handle the deposits.
The problem is that many businesses don’t verify CPEO status or understand its limitations. CPEO certification only covers federal employment taxes. It doesn’t cover state taxes, and it doesn’t protect you if the PEO loses certification mid-contract.
The Strategy Explained
Tax deposit failures happen when PEOs collect payroll taxes from clients but fail to remit them to the IRS on time or in full. This can result from cash flow problems, fraud, or simple administrative failures.
When it happens with a non-certified PEO, the IRS can pursue the client company for the unpaid taxes plus penalties and interest. The Trust Fund Recovery Penalty can even extend to individual business owners.
CPEO certification provides meaningful protection, but it’s not absolute. If the PEO loses certification and you’re not notified, the protection may lapse. Understanding the full scope of IRS certified PEO requirements and protections is essential before relying on this safeguard.
State tax authorities don’t recognize CPEO status. For state income tax withholding, unemployment insurance, and other state-level obligations, you remain exposed to PEO failures regardless of federal certification.
Implementation Steps
1. Verify your PEO’s CPEO status directly with the IRS using their online search tool, and set a calendar reminder to re-verify quarterly—certification can be suspended or revoked.
2. Require your PEO to provide you with copies of federal tax deposit confirmations at least quarterly, even if they’re a CPEO, so you can verify deposits are actually being made.
3. For state tax obligations, implement a separate verification process and consider requiring the PEO to provide proof of state tax deposits or obtain a bond covering potential state tax failures.
Pro Tips
CPEO status is valuable, but it’s not a reason to skip due diligence. Check the IRS CPEO list yourself—don’t just take the PEO’s word for it. The list is public and updated regularly.
If your PEO isn’t certified and won’t pursue certification, that’s a red flag. The certification process requires financial audits and bonding. PEOs that can’t or won’t get certified may have financial stability issues. Knowing the key differences between CPEO and PEO helps you evaluate this risk.
5. State Unemployment Insurance Rate Manipulation Investigations
The Challenge It Solves
SUTA dumping—the practice of manipulating state unemployment insurance rates through shell companies or improper transfers of payroll—is illegal under federal law and aggressively prosecuted by state labor departments.
Some PEOs have been investigated for SUTA dumping schemes, and when that happens, their client companies can face penalties, rate adjustments, and even criminal referrals depending on their level of knowledge or participation.
The risk isn’t just fraudulent PEOs. It’s also situations where legitimate rate structures get challenged by state auditors who believe the PEO arrangement was designed primarily to avoid higher UI rates.
The Strategy Explained
State unemployment insurance systems assign experience ratings based on an employer’s history of layoffs and UI claims. Businesses with high turnover pay higher rates.
When you join a PEO, your employees typically move to the PEO’s UI account and rate. If the PEO has a favorable rate, that can reduce your UI costs. If they have a poor rate, your costs increase.
Problems arise when PEOs engage in rate manipulation—creating new entities to avoid rate increases, improperly transferring employees between accounts, or structuring arrangements specifically to game the UI system.
State labor departments have gotten aggressive about investigating these practices. When they find violations, they can assess penalties against both the PEO and the client companies, adjust rates retroactively, and refer cases for criminal prosecution in egregious situations. These are among the real PEO risks and drawbacks that catch businesses off guard.
Implementation Steps
1. Ask your PEO directly about their UI rate in each state where you operate and how that rate was established—if they’re evasive or claim a suspiciously low rate despite having many clients, dig deeper.
2. Verify that your PEO has been operating under the same legal entity and UI account for at least several years—frequent entity changes can indicate rate manipulation schemes.
3. Review your PEO agreement for language about UI rate guarantees or protections, and confirm that the PEO will notify you immediately if they receive any state UI audit notices or rate challenges.
Pro Tips
If your PEO’s UI rate seems too good to be true compared to what you were paying independently, it probably is. Legitimate PEOs with large client bases and diverse industries typically have moderate UI rates—not exceptionally low ones.
Multi-state operations face compounded risk because UI rate manipulation investigations often start in one state and expand. Make sure your PEO’s UI compliance is solid everywhere, not just in your primary state.
6. ACA Reporting Errors and Employer Mandate Penalties
The Challenge It Solves
The Affordable Care Act’s employer mandate requires applicable large employers to offer affordable, minimum-value health coverage to full-time employees or face penalties under Section 4980H.
In a PEO relationship, determining who is the applicable large employer and who is responsible for reporting can get complicated. Both the PEO and the client may have reporting obligations depending on structure and employee count.
Reporting errors—incorrect employee counts, wrong coverage codes, missing forms—can trigger IRS penalty assessments. When those penalties arrive, disputes often arise about whether the PEO or the client was responsible for the error.
The Strategy Explained
ACA compliance in a PEO arrangement requires clear documentation of who is responsible for determining full-time status, offering coverage, and completing IRS reporting forms.
Most PEOs handle the administrative work of generating 1095-C forms and submitting 1094-C transmittals. But the underlying data—who is full-time, what coverage was offered, whether it was affordable—often depends on information the client provides.
If the PEO generates forms based on incorrect data you provided, the resulting penalties are yours. If the PEO makes errors in coding or filing despite receiving correct data, the responsibility question becomes murkier. Understanding PEO regulatory reporting legal risks helps you structure accountability properly.
The IRS doesn’t care about your internal PEO agreement when assessing penalties. They look at who the applicable large employer is under the law and who failed to comply with reporting requirements.
Implementation Steps
1. Document in writing which party is responsible for determining full-time employee status each month, and implement a process for regularly providing accurate hours data to your PEO if that’s their responsibility.
2. Review draft 1095-C forms before they’re filed, not after—errors are much easier to correct before the IRS receives them than after penalty notices arrive.
3. Require your PEO to provide you with copies of all ACA-related IRS correspondence, including penalty notices, and establish a clear process for who will respond and who will pay if penalties are assessed.
Pro Tips
If you’re close to the 50 full-time employee threshold, pay extra attention to how your PEO counts employees and whether they’re aggregating your workforce with others for ACA purposes. Misunderstandings here can result in unexpected mandate applicability.
ACA penalty notices often arrive years after the coverage year in question. Make sure your PEO agreement addresses how long they’ll maintain records and support you in responding to late-arriving IRS inquiries.
7. State PEO Licensing Lapses and Coverage Gaps
The Challenge It Solves
PEO licensing requirements vary dramatically by state. Some states require specific PEO registration or licensing. Others have no PEO-specific regulations at all.
When a PEO operates in a state without proper licensing, several problems can arise: their workers’ comp coverage may not be recognized, their ability to serve as employer of record may be challenged, and you may be treated as operating without proper insurance or employment authorization.
Multi-state businesses face the highest risk because verifying licensing across jurisdictions is complex and most business owners don’t know which states require what.
The Strategy Explained
PEO licensing isn’t just a formality. In states that require it, operating without a license can void the co-employment relationship for regulatory purposes.
That means if your PEO isn’t properly licensed in a state where you have employees, state regulators may treat those employees as if you directly employ them—without the benefits of the PEO’s insurance, bonding, or compliance infrastructure.
Licensing lapses can occur when PEOs expand into new states without completing registration requirements, when they fail to renew existing licenses, or when state regulators revoke licenses due to compliance failures. Companies expanding quickly should understand how PEOs handle multi-state compliance before assuming coverage is automatic.
You typically won’t know about a licensing lapse unless you’re actively monitoring it. PEOs don’t always notify clients immediately when state licensing issues arise.
Implementation Steps
1. Before signing with any PEO, verify their licensing status in every state where you currently operate or plan to expand, using state labor department or PEO regulatory authority websites.
2. Require your PEO to provide annual written confirmation of current licensing in all relevant states, and include contract language requiring immediate notification if any license is suspended, revoked, or lapses.
3. For multi-state operations, implement a quarterly verification process where you independently check your PEO’s licensing status in your top three states by employee count.
Pro Tips
States with specific PEO licensing requirements include Florida, New York, New Jersey, and several others. If you operate in any of these states, licensing verification should be part of your annual PEO review process.
When expanding to a new state, confirm your PEO’s licensing status before you hire anyone there. Don’t assume that because they’re licensed in your current states, they’re automatically licensed everywhere.
Putting It All Together
Regulatory enforcement risk isn’t a reason to avoid PEOs. It’s a reason to choose carefully and maintain appropriate oversight.
The co-employment model works well when both parties understand their responsibilities and when the business owner doesn’t treat the PEO relationship as a complete transfer of compliance obligations.
Before signing with any PEO, verify their licensing status in every state where you operate. Confirm CPEO certification if tax liability protection matters to you. Get clear written documentation of who is responsible for what when it comes to compliance.
Ask specifically about their track record with regulatory audits. How many DOL investigations have they faced? How do they handle client notification when state auditors show up? What’s their process for responding to IRS penalty notices?
The best PEO relationships are built on transparency about these risks, not on pretending they don’t exist.
Before you sign that PEO renewal, make sure you’re not leaving money on the table.
Many businesses unknowingly overpay because of bundled fees, hidden administrative markups, and contracts designed to limit flexibility. We give you a clear, side-by-side breakdown of pricing, services, and contract terms—so you can see exactly what you’re paying for and choose the option that truly fits your business.
