Most business owners sign with a PEO assuming compliance is fully handled. That’s the pitch, right? Offload your HR headaches, stay compliant, sleep at night.
The reality is messier. PEOs operate under a co-employment model, which means compliance responsibilities are split between you and the provider. The line between what your PEO covers and what still falls on you is often blurry, buried in contract language, or simply never discussed during onboarding.
When that line gets crossed or ignored, the consequences land on your desk. Not theirs.
This article walks through seven compliance gap scenarios that businesses regularly encounter when working with PEOs. These aren’t abstract risks. They’re the kinds of situations that lead to fines, lawsuits, back-pay claims, and operational disruptions. Each example covers what went wrong, why the gap existed, and what you can do to prevent the same outcome in your business.
If you’re evaluating PEO providers or already working with one, understanding where these gaps appear is essential to protecting your company.
1. The State-Specific Leave Law Nobody Tracked
The Challenge It Solves
State and local leave laws have multiplied significantly over the past several years. Paid sick leave, family leave, bereavement leave, and predictive scheduling requirements now vary dramatically by state and even by city. When a business expands into a new state, someone needs to identify those obligations and make sure they’re being met. In a PEO arrangement, that handoff often doesn’t happen cleanly.
The Strategy Explained
Here’s a common scenario: a company headquartered in Texas hires its first employees in Colorado and California. The PEO continues running payroll and administering leave under the original setup. Nobody explicitly updates the leave policy to reflect Colorado’s paid leave requirements or California’s CFRA obligations. Employees accrue leave incorrectly, or the company fails to provide required leave at all.
When an employee files a complaint or the company gets audited, the back-pay exposure can be significant. California, in particular, has aggressive enforcement mechanisms and waiting-time penalties for leave violations that compound quickly. Understanding multi-state payroll compliance is critical for businesses expanding across state lines.
The gap exists because many PEOs treat multi-state compliance as a client-triggered update rather than a proactive service. They may not know you’ve hired in a new state unless you tell them.
Implementation Steps
1. Notify your PEO in writing every time you hire in a new state, even if it’s just one employee. Don’t assume payroll setup triggers a compliance review.
2. Request a written confirmation from your PEO that leave policies have been updated to reflect the new state’s requirements before the employee’s first day.
3. Keep an internal log of which states you operate in and when employees were added, so you can cross-reference against your PEO’s compliance updates.
Pro Tips
Don’t rely on your PEO to catch state expansion automatically. Build a simple internal trigger: anytime HR processes a new hire in a state where you haven’t employed before, that automatically kicks off a compliance review request to your PEO. A one-page checklist is enough to formalize this. The cost of building it is nothing compared to a back-pay claim.
2. Workers’ Comp Misclassification That Triggered an Audit
The Challenge It Solves
Workers’ compensation premiums are calculated based on NCCI classification codes, which categorize employees by job type and associated injury risk. Misclassification, whether accidental or overlooked, can result in underpaid premiums, state audits, retroactive adjustments, and penalties. In a PEO arrangement, the PEO typically manages workers’ comp coverage, which means they’re also the ones assigning classification codes. That creates a layer of separation between you and a decision that directly affects your cost and compliance exposure.
The Strategy Explained
Consider a construction services company that uses a PEO. Several employees who perform both field and administrative work get classified primarily under an office code because that’s the simpler default. During a state audit, the auditor reviews actual job duties and determines the field work should have been classified under a higher-risk code. The result is retroactive premium adjustments, audit fees, and potential penalties.
Misclassification cuts both ways. Overcoding can mean you’re overpaying premiums. Undercoding creates audit liability. Either way, the financial impact is real, and many business owners never review their NCCI codes after initial setup. Learning how to track and verify workers’ comp accounting through your PEO can help you catch these issues early.
Implementation Steps
1. Request a copy of all NCCI classification codes your PEO has assigned to your workforce and compare them against each role’s actual job duties.
2. If any employees have duties that span multiple risk categories, ask your PEO how they’re handling the split classification and what documentation supports the assignment.
3. Review classifications annually or whenever you add new job types, not just at renewal.
Pro Tips
Workers’ comp audits are often triggered by payroll growth or changes in headcount, not just complaints. If your business has grown significantly or shifted the mix of field versus office roles, proactively reviewing your classifications before an auditor does is the smarter move. Ask your PEO directly: when did they last audit your codes?
3. The OSHA Reporting Gap That Fell Between Two Chairs
The Challenge It Solves
OSHA recordkeeping and reporting obligations are one of the most commonly misunderstood areas in co-employment arrangements. Under OSHA’s multi-employer citation policy, both the PEO and the worksite employer can be held responsible for recordkeeping violations. But “both can be responsible” often means neither one takes clear ownership, and that’s where the gap opens.
The Strategy Explained
Picture a mid-size manufacturing company using a PEO. A workplace injury occurs. The PEO assumes the client is handling OSHA 300 log entries and incident reporting because the client controls the physical worksite. The client assumes the PEO is handling it because they manage HR compliance. Nobody files the required report within the 24-hour window for severe injuries.
OSHA citations for late or missed reporting carry real financial penalties, and they’re public record. More importantly, a pattern of missed reporting can escalate scrutiny and trigger a full-site inspection. Knowing exactly what your PEO compliance reporting requirements are helps prevent these dangerous gaps.
This gap is almost entirely a communication problem, but the consequences are regulatory. OSHA’s guidance on co-employment acknowledges shared responsibility, but it doesn’t resolve the operational question of who actually does the work.
Implementation Steps
1. Get written confirmation from your PEO specifying exactly who maintains the OSHA 300 log, who files 300A summaries, and who is responsible for severe injury reporting within required timeframes.
2. Designate an internal point person at your company who owns OSHA incident intake, regardless of what the PEO handles downstream.
3. Build a simple incident response protocol that triggers immediate notification to both your internal contact and your PEO so nothing falls through the cracks during the chaotic hours after a workplace injury.
Pro Tips
Don’t wait for an incident to discover who’s responsible. Have the OSHA conversation with your PEO during onboarding or at your next service review. Ask them to put the responsibility breakdown in writing. If they’re vague about it, that’s a signal to press harder.
4. Benefits Enrollment Errors That Created ACA Liability
The Challenge It Solves
The ACA’s employer shared responsibility provisions under IRC Section 4980H apply to the common-law employer, which means the client company, not the PEO. Even when a PEO administers your benefits, the IRS holds you accountable for ACA compliance failures. Benefits enrollment errors, missed measurement periods, or incorrect eligibility determinations by the PEO can create IRS penalty exposure that lands entirely on you.
The Strategy Explained
Here’s how this plays out: a company with 60 employees uses a PEO to administer benefits. The PEO’s system uses a look-back measurement period to determine ACA eligibility for variable-hour employees. A data entry error or system misconfiguration causes several employees to be excluded from the eligible pool incorrectly. Those employees go without an offer of coverage during the required window.
The IRS issues a Letter 226-J proposing employer shared responsibility payments. The client company is named, not the PEO. The PEO may assist with the response, but the financial liability belongs to the employer. Understanding IRS certified PEO requirements can help clarify what protections you actually have in these situations.
This is a situation where the administrative error happened on the PEO’s side, but the regulatory exposure sits entirely with you. That asymmetry is worth understanding before you assume benefits administration is fully delegated.
Implementation Steps
1. Ask your PEO to provide annual ACA compliance reports, including measurement period tracking for variable-hour employees and documentation of all offers of coverage.
2. Review your PEO’s service agreement to understand whether they offer any indemnification for ACA penalties resulting from their administrative errors. Most don’t, but some do under specific conditions.
3. Maintain your own record of full-time equivalent employee counts so you can independently verify whether you’re subject to ACA employer mandate requirements.
Pro Tips
If you receive a Letter 226-J from the IRS, don’t assume your PEO will handle it. Engage your own tax counsel immediately. The response window is tight, and the penalties can be significant if the initial response is mishandled. Your PEO can provide data, but you need someone in your corner who’s accountable to you.
5. Handbook Language That Contradicted State Law
The Challenge It Solves
Most PEOs provide a template employee handbook as part of their service. It’s one of the more visible deliverables in the onboarding process, and it often looks thorough. The problem is that template handbooks are typically built around federal law and a few common state frameworks. When your business operates in states with more protective employment laws, generic handbook language can actively conflict with what’s legally required, creating liability rather than reducing it.
The Strategy Explained
Consider a company based in Illinois that receives a standard PEO handbook template. The handbook includes an at-will employment section with language about termination procedures that doesn’t account for Illinois-specific protections around certain employee classifications. It also includes a non-compete clause that would be unenforceable under Illinois law as written.
An employee is terminated and, during the dispute that follows, their attorney points to the handbook language as evidence of procedural failures and contractual inconsistencies. The case becomes more complicated and more expensive than it needed to be, not because the termination was wrong, but because the documentation was legally inconsistent. Reviewing PEO joint employment court cases shows how these documentation failures play out in real litigation.
Handbook errors are particularly dangerous because they’re systematic. One bad provision affects every employee who receives that handbook.
Implementation Steps
1. Have a local employment attorney review your PEO-provided handbook before distributing it, specifically checking for conflicts with your state’s employment laws.
2. Flag any provisions related to non-competes, arbitration clauses, at-will language, and leave policies for state-specific review. These are the highest-risk sections.
3. Ask your PEO how often they update their handbook templates and whether updates are automatically applied to your version or require a manual request.
Pro Tips
A one-time legal review of your handbook is a relatively low-cost investment compared to defending a wrongful termination claim. If your PEO pushes back on customization, that’s worth noting. A good PEO should accommodate state-specific modifications, especially for states with complex employment law environments like California, New York, or Illinois.
6. Payroll Tax Filing Errors Across Multiple Jurisdictions
The Challenge It Solves
Payroll tax compliance across multiple states and localities is genuinely complex. Different states have different filing frequencies, tax rates, and rules around nexus. Local jurisdictions add another layer. PEOs handle this processing for you, which is a real operational benefit. But when errors occur, whether from incorrect rate tables, late filings, or misapplied credits, the downstream consequences can include tax liens, penalties, and W-2 discrepancies that take months to unwind.
The Strategy Explained
Here’s a situation that comes up more than most business owners expect: a company with employees in several states discovers during year-end reconciliation that their W-2s don’t match what employees were actually paid. The discrepancy traces back to a state withholding error the PEO made mid-year that wasn’t caught or corrected before year-end processing.
Employees file their taxes using the incorrect W-2s. Some get audited. The company has to issue corrected W-2cs. In some cases, the state has already assessed penalties for the filing error. Unwinding all of this takes significant time and, often, professional help. Understanding what PEO HR compliance services actually cover versus what falls on you is essential to preventing these situations.
The PEO made the error, but the employer is still the one fielding calls from frustrated employees and responding to state notices.
Implementation Steps
1. Reconcile payroll tax filings quarterly, not just at year-end. Ask your PEO to provide quarterly state tax filing confirmations so you can verify filings were made on time and at the correct rates.
2. When you receive any state tax notice, forward it to your PEO immediately and request a written explanation and resolution timeline. Don’t let notices sit.
3. Before year-end, ask your PEO for a payroll tax reconciliation report so you can catch discrepancies before W-2s are issued.
Pro Tips
State tax agencies don’t always send notices to the PEO. They often send them to the employer of record address on file. Make sure someone at your company is actually opening and routing tax correspondence rather than assuming the PEO handles everything that arrives. A missed notice can turn a correctable error into a lien.
7. The Termination Process That Skipped Required Steps
The Challenge It Solves
Terminations are high-stakes moments. Many states have specific procedural requirements around final pay timing, required separation documentation, and COBRA notification windows. When businesses rely on their PEO’s general termination checklist without verifying that it reflects state-specific requirements, they expose themselves to wage claims, penalties, and sometimes litigation. The risk is highest in states with aggressive wage enforcement, and it’s compounded by the fact that terminations often happen quickly and under pressure.
The Strategy Explained
California is the clearest example here. Under California Labor Code Sections 201-203, employees who are involuntarily terminated must receive their final paycheck immediately, at the time of termination. Failure to do so triggers waiting-time penalties equal to one day of wages for each day the payment is late, up to 30 days. That can add up fast for a salaried employee.
A company using a PEO terminates an employee in California. The PEO’s standard termination process routes final pay through the next regular payroll cycle, which is how it works in most states. Nobody flags the California exception. The employee files a wage claim. The company owes the original wages plus penalties, and potentially attorney’s fees if the employee pursues the claim through litigation. Knowing what PEO compliance protection actually covers helps you understand where your exposure lies in these moments.
This isn’t an obscure edge case. It’s one of the most common wage claim scenarios in California, and it plays out in other states with similar requirements too.
Implementation Steps
1. Request a state-by-state termination requirements summary from your PEO covering final pay timing, required documentation, and any state-specific separation notices.
2. Before any termination, confirm with your PEO which state’s rules apply and what the exact process will be, including when and how the final paycheck will be issued.
3. If you’re in a state with immediate final pay requirements, confirm your PEO has the operational capability to issue same-day or next-day final paychecks, and ask how that process actually works in practice.
Pro Tips
Don’t assume your PEO’s termination checklist is state-specific. Ask to see it. If it looks generic, that’s your cue to push for a customized version or to build your own internal overlay for high-risk states. The few minutes it takes to verify the process before a termination is nothing compared to the time and cost of defending a wage claim after.
Putting It All Together
Every one of these scenarios shares the same root cause: the business owner assumed the PEO had it covered, and the PEO assumed the client understood the limits of their service. Compliance gaps almost always live in that assumption zone.
The fix isn’t to avoid PEOs. They genuinely reduce compliance burden for most businesses, and the operational value is real. The fix is to go in with clear expectations, documented responsibilities, and your own lightweight verification processes.
Start with your PEO service agreement. Read the compliance section carefully and identify every area where responsibility is shared or ambiguous. Then build simple internal checks for the highest-risk areas: payroll tax accuracy, workers’ comp classifications, leave law tracking, and termination procedures.
If you’re still evaluating PEO providers, use these scenarios as a screening tool. Ask prospective PEOs directly how they handle each situation. Ask who owns OSHA reporting. Ask how they manage multi-state leave law updates. Ask what happens when a termination in California needs to happen same-day. The quality of their answers will tell you more than any sales deck.
And if you’re already with a PEO and approaching renewal, this is the right moment to pressure-test your current arrangement rather than auto-renewing on autopilot.
Many businesses unknowingly overpay because of bundled fees, hidden administrative markups, and contracts designed to limit flexibility. A clear, side-by-side comparison of pricing, services, and contract terms can show you exactly what you’re paying for and whether it still makes sense. Don’t auto-renew. Make an informed, confident decision.
