Worker classification (W-2 vs 1099, and the ABC test)
The biggest sleeper risk in offshore hiring for US businesses. Engage a Philippines contractor like an employee (fixed schedule, your tools, your direction, ongoing) and states with an ABC test, like California under AB 5, can reclassify them, with back wages, benefits and penalties attached. Our Philippines entity employs the person there, so you're contracting with our entity for services rather than paying an individual as a 1099 contractor with employee-like control. That structure keeps the classification exposure off your books.
Philippines statutory obligations
Payroll, SSS, PhilHealth, Pag-IBIG, 13th month pay, tax withholding and end-of-year filings. On EOR, our entity manages these under Philippines law. On COR, we structure the arrangement so it stays genuinely independent and the obligations sit where they should. You don't need a US employer of record for staff based in the Philippines, and you don't need to figure out cross-border payroll yourself.
IP, NDAs and data (CCPA, HIPAA, PCI in scope)
Standard NDAs and IP assignment clauses on every engagement, so work product ownership isn't ambiguous under US law. Data is more nuanced. If you handle California consumer data (CCPA/CPRA), health data (HIPAA), or card data (PCI), your obligations follow the data wherever it goes. We can set up managed devices, enforce access controls and sign a data-processing addendum where it fits. What data you allow into which systems, and how you meet your own regulatory obligations, stays your call. We guide you on the sensible defaults.
Cyber baseline
NordLayer for network access, managed devices where the role or client requires it, MFA on the accounts we can enforce it on, and documented offboarding so access is actually removed. Not a silver bullet. A baseline that raises the floor for most US SMBs above where they'd be hiring a direct 1099 contractor working from a personal laptop.
What stays yours
Your own data governance. Your own customer contracts, privacy notices and regulatory obligations. How you treat the person day to day. Decisions about what work you route offshore. We won't claim to carry these, because we can't. We'll help you think about them properly.
Frequently asked questions
How do we avoid misclassification issues with offshore contractors?
By not paying the individual as your 1099 contractor. You contract with our Philippines entity for services and we employ the person there. The ABC test and similar state tests target the direct relationship between your business and the worker. Removing that direct relationship, and keeping the arrangement genuine, is what neutralises the exposure.
What about CCPA, HIPAA or PCI if the person handles our customer data?
Your regulatory obligations stay yours. We help you set access, controls, contracts and processes so working with offshore staff doesn't quietly breach them. Where a data-processing addendum or BAA-style commitment is appropriate we'll work through it with you.
Can offshore staff access US customer data?
Yes, when the role requires it, with the same controls you'd apply to any staff member: least-privilege access, MFA, managed devices where warranted, documented offboarding. Sensitive regulated data (PHI, cardholder data) needs to be scoped deliberately.
Get the compliance side right the first time
Book a call and we'll walk through classification, Philippines statutory, IP, data and cyber for your specific US setup.
Book a compliance call