Section 1: Check – understanding your current HR compliance state

How can a business owner understand what their current HR compliance state is and identify where their gaps might be?

Steven: It’s such a common question. We work with businesses of around 10 people right up to 50 or 60 employees, and at some point they all face the same compliance challenge. The three areas we advise clients to look at first are contracts of employment, policies, and personnel files.

Steven: Starting with contracts, a lot of organisations have been using the same document for years. The contract that worked when you had five employees will likely not be fit for purpose when you reach 30, 40, or 50 people. You need to make sure your contracts reflect how your business actually operates today and include up-to-date statutory particulars covering things like family leave, flexible working, notice periods, and variation clauses. There was also a legislative change in April 2020 which added new requirements to employment contracts and made them a day-one right. If you have not reviewed your contracts in the past few years, now is the time to do it.

Steven: On policies, many organisations we work with have nothing in place, which is a very risky position. There are three policies every employer is legally required to have. A health and safety policy if you employ more than five people, a disciplinary policy, and a grievance procedure. Those are the bare minimum. Beyond those, there are several areas worth reviewing given recent changes. Statutory sick pay rules are changing in April, so check your sickness absence policy. Since October 2024, employers have a positive duty to prevent sexual harassment in the workplace, so if you do not have a policy covering that, you need one. And flexible working rules have changed significantly in recent years, so if your policy has not been updated, go back and look at it.

Steven: On personnel files, a lot of businesses store them digitally now, which is great. But others still have paper files sitting in a cabinet that nobody looks at. The key thing to check is that right-to-work checks have been completed for all employees and are documented correctly. We had a client recently who was still using the pandemic-era process where you could verify documents over video call. That changed some time ago. Now you either verify in person or use one of the government’s approved digital identity verification systems. Also, if you employ foreign workers or students, make sure their visa records are up to date and that you are taking the required action as an employer if any are close to expiry.

Shona: That sounds like quite a long list. You do have a compliance checklist that businesses can use, which we will share at the end.

Section 2: Address – fixing the gaps you find

Once a business has identified its compliance gaps, what is the right approach to addressing them?

Steven: We always talk about PFI: prioritise, fix, and implement. The most important thing is not to panic. You need to prioritise the risks you have found. Which gaps carry the most legal risk for your business? Where is the immediate exposure? Use a simple traffic light or numbered system to work out what needs to be fixed now. The goal is not perfection. You do not need to fix everything at once, and trying to do so often means businesses focus time on the wrong things.

Steven: When you do fix something, fix it properly. Do not put a temporary patch on it and come back in six months. I have had clients do that for years and what starts as a small issue becomes a much bigger problem further down the road, especially for growing businesses. Sort it when you find it.

Steven: The implement part is about making sure you have repeatable processes in place to manage things like performance, absence, and conduct going forward. That means written policies, applied consistently and fairly, and managers who understand when to escalate and get further advice, whether from a senior manager, an HR consultant, or a legal team.

Shona: The managers piece is really important, isn’t it? You can have the policies, but if the people responsible for applying them don’t understand them, that creates a different level of risk.

Steven: Exactly. Make sure your policies are accessible to all employees, not kept under lock and key and only pulled out when there is a problem. Employees need to understand what is expected of them and how your business operates. And policies often contain a lot of legal jargon. Part of the work is translating that into something managers can actually understand and apply. Because if they cannot understand it, they will not be able to put it into practice. And that is very often where organisations end up in tribunal situations, not because they had no policy, but because they had one and did not follow it.

Section 3: Legal – staying ahead of the changes coming through

What do employers need to be aware of from a legal perspective, particularly with so many changes coming through the Employment Rights Act?

Steven: There is a lot happening over the next 18 months. Most business owners will be aware of the Employment Rights Act 2025, with changes being implemented through secondary legislation across this year. But before we get to those, there is one area where many employers still have significant gaps, and that is prevention of sexual harassment in the workplace. Since October 2024, doing nothing is no longer a defence. Employers need to implement risk assessments and put in place training that actually addresses how harassment could occur in their specific workplace. A generic online module is not enough. If it does not reflect how your business operates, it will not be defensible at tribunal.

Steven: Looking at what is coming through this year, the unfair dismissal qualifying period is changing from two years down to six months, which takes effect in January 2027. That might sound like a while away, but if you are hiring someone today, they will reach that six-month qualifying period in January next year. It is really important to think now about how you manage probationary periods. Make sure you are having documented check-ins at the right points, typically around weeks four, eight, and eleven for a three-month probation, so you have time to extend or make a final decision based on evidence. Where we see a lot of clients struggle is that managers simply do not complete the required checks. That is going to be a much more serious problem once the two-year safety net is gone.

Steven: Before we even get to January 2027, as of October this year the time limit for an employee to bring a claim to tribunal is expected to increase from three months minus one day to six months. So employees can work for a shorter period and still have qualifying rights, and they have longer after their employment ends to bring a claim. Getting your processes as robust as possible now is the right approach.

Section 4: Maintain – staying compliant as your business grows

With so much change happening, how can businesses reduce their risk and stay compliant on an ongoing basis?

Steven: Being proactive is the key. Organisations that are ISO accredited tend to be much more on top of this because they have regular reviews of personnel files and compliance elements built into their processes. But for a business with 30 employees and no HR support, bringing all of that together can be really difficult.

Steven: My advice is to reach out and use the resources available. ACAS is always a good starting point. There are lots of free updates, templates, and policy documents you can download, including employment contracts. The important thing is to tailor whatever you download to your specific business. Do not just use something off the shelf, because it has to be relevant to how you actually operate.

Steven: Also worth knowing, as part of the Employment Rights Act, the government is establishing a new Fair Work Agency from April this year. It will take a much more proactive approach to auditing organisations on things like national minimum wage, holiday pay, and statutory sick pay compliance. There will be more robust checks in place, so now really is the time to look at how your business manages its compliance and prepare for what is coming.

Shona: Thanks very much Steven. We’ve covered a lot of ground today on how to find and fix HR compliance gaps. If you want to get in touch with Steven and find out more about ACE HR, the website and LinkedIn links are below. And as we mentioned, there is a free HR essentials checklist, and we will also be generating a quiz from this conversation so you can do a self-assessment on where your business stands.

Steven: Thank you very much for having me.

Links

Website: https://www.acehr.co.uk/

LinkedIn: https://www.linkedin.com/in/stevenbeattie/