Posted on
Share on Facebook
Share on Twitter
Share on LinkedIn

The news is saturated with reports of immigration arrests and raids across the United States. Soon, Immigration and Customs Enforcement (ICE) agents and auditors will turn their attention to workplaces known to employ undocumented immigrants. Little wonder then that we have been busy responding to employer requests for immigration compliance consultations.

One issue that comes up repeatedly in these consultations is whether the electronic I-9 software the employer is using will meet ICE regulatory standards in the event of an audit. While the electronic verification process has reduced employer exposure to the kinds of paperwork violations that plagued employers in the past, many commercially available I-9 software products lack the security, integrity and reliability control features required by regulation – potentially leaving employers holding the bag for thousands of dollars in civil money penalties.   ICE leadership is acutely aware of the non-compliant features in many I-9 software products, some of which permit employers to hire workers known to lack proper documentation. For that reason, ICE has a strategic plan to target suspect employers for I-9 audits leading to the arrest of undocumented workers and potential criminal charges against their offending employers.

We are perhaps 90 days out from the launch of a massive I-9 inspection campaign – potentially starting as high as 600 per month based on target quotas established by ICE during the prior Trump Administration. Once ICE serves a Notice of Inspection (NOI), it will be too late to attempt to correct errors. The time is now to investigate and take corrective action to mitigate avoid costly civil money penalties. 

Where to Start in Assessing Electronic I-9 Compliance

The most important question an employer should ask its I-9 vendor is whether the vendor’s software can produce an  audit trail for each of the employer’s stored I-9 files that identifies every user with a unique identifier and provides a time and date stamp when users access the system to create, complete, update, modify, or correct a file.  If the software stores the required metadata relating to each such critical event in the I-9s history, the vendor should be able to produce an electronic spreadsheet depicting each element of the audit trail for every I-9 in the employer’s inventory file. If the vendor cannot produce this critical event audit trial for all the employer’s I-9s and the employer continues to use that vendor’s software, it is likely that the employer will be penalized severely in the event of an ICE audit. The reason is simple:  The employer will be deemed unable to prove the following:

  • Only the employee and preparer translator completed Section 1.
  • Only the employee signed and dated the Section 1 attestation.
  • Only the employer’s authorized representative completed Section 2 and only after Section 1 had been completed and signed.
  • Only the employer’s authorized representative completed the Reverification Supplement in Section 3.
  • Only the employee or Preparer Translator made corrections to Section 1; and
  • Only the employer’s authorized representation has been corrected or updated Section 2.

The failure to establish the above compliance requirements constitutes a substantial violation. If the employer’s software platform is deemed totally non-compliant,  the employer will likely be charged with missing I-9s for all active and termed employees within the audit retention period.  The current base fine for each ”missing” I-9 in such cases approximates $2800. In an audit covering a modest I-9 inventory of 100 files,  a total base fine in the range of $280,000 could be assessed.    

Key Take Away:  Remediation is possible if the software failure is identified before ICE serves a Notice of Inspection. Although effective remediation would entail redoing the I-9s of all active employees — either on a compliant I-9 software platform or on paper – the alternative is continued exposure to substantial civil money penalties. 

Additional Requests to Make of Your I-9 Vendor 

In December 2023, the U.S. Department of Justice Civil Rights Division (DOJ) and Immigration and Customs Enforcement, Homeland Security Investigations (ICE/HSI) jointly published  a Fact Sheet (https://www.justice.gov/d9/2023-12/joint_form_i-9_software_guidance_12_19_23.pdf )  discussing  what employers should keep in mind when purchasing private sector commercial or proprietary I-9/E-Verify completion products.   

In addition to requesting an audit trail report of their I-9 vendor, employers should seek vendor documentation that its software also satisfies the following general and systemic requirements detailed in the joint Fact Sheet, all of which will be evaluated for compliance in the event of an audit:

  1. The software provides access to the current acceptable version(s) of Form I-9, including Instructions and Lists of Acceptable Documents. For current onboarding activity, the system should be using the 08/01/23 edition with an expiration date of either 07/31/26 or 05/31/27. 
  2. The software requires employees   to complete Section 1 before the employer completes Section 2. It must not permit an employer representative to bypass the Section 1 completion requirements before completing Section 2.
  3. Employees and employer representatives must be allowed to leave optional and unused fields blank when appropriate and where Form I-9 rules permit, such as the Social Security number in Section 1 for employers who do not use E-Verify, the expiration date field in Section 1 next to the “A noncitizen authorized to work” attestation, and any inapplicable document information fields in Section 2.
  4. Employers must be able to enter any acceptable  documentation, including acceptable receipts, that employees choose to present at the time of hire or for reverification.
  5. Employees with only one name must be allowed to enter their name in the last name field and enter “Unknown” in the first name field.
  6. Employees and preparers/translators must be able to make and record corrections to the information entered in Section 1.
  7. The employer certification in Section 2 must include the title, last name, and first name of the person who examined the documents and completed Section 2, as well as the employer’s business name and physical address.
  8. Employers must be able to make and record corrections to Section 2 and information relating to reverification and rehire.
  9. The vendor maintains reasonable controls to ensure the integrity, accuracy and reliability of the electronic generation or storage system, including backup redundancy and confirmation of electronic signatures at the time of the transaction.
  10. The vendor maintains reasonable controls designed to prevent and detect the unauthorized or accidental creation of, addition to, alteration of, deletion of, or deterioration of an electronically completed or stored Form I-9, including the electronic signature, if used. In general, this means that system access is limited to authorized users subject to password protection. 
  11. The vendor maintains an inspection and quality assurance program evidenced by regular evaluations of the electronic  generation  or  storage  system,  including  periodic  checks  of  the electronically stored Form I-9, including the electronic signature, if used.
  12. The vendor maintains a retrieval system that includes an indexing system that permits the identification and retrieval for viewing or reproducing relevant documents and records maintained in an electronic storage system. 

If vendor software is materially deficient in any one or more of the foregoing areas, ICE may determine that the employer’s systems are non-compliant and assess penalties accordingly up to the maximum base fine amount per I-9 file.

Practices to Avoid When Using Form I-9 Software Programs

The December 2023 Fact Sheet also identifies I-9 software practices that raise scrutiny and may result in either I-9 paperwork liability, immigration-related discrimination liability or both in the event of an audit or investigation. These include:

  • Automatically pre-populating the Form I-9 with employee information derived from information that the employer has accessed externally, such as by importing information from an employee’s job application.
  • Completing a Form I-9 on an employee’s behalf unless the employer is helping an employee complete Section 1 as a preparer or translator. In such cases, the employer must complete the required fields for preparers and/or translators.
  • Changing or updating an employee’s Section 1 citizenship or immigration status attestation. If an employee is correcting a previously made error, the employee (or their preparer or translator) must be the one to make the correction in Section 1.
  • Preventing preparers or translators from assisting an employee to complete Section 1.
  • Removing any Form I-9 fields or requesting more or different information than the Form I-9 requires.
  • Adding or removing steps in the E-Verify process if the employer uses E-Verify. In addition, any software integration must comply with the E-Verify web services Interface Control Agreement.
  • Requesting unnecessary documentation (such as reverifying an employee’s identity or impermissibly reverifying an employee’s permission to work in the United States). For example, employers should avoid Form I-9 software programs that generate notifications suggesting that an employee must show a different or additional document based on an expiring List B identity document or a Permanent Resident Card. 
  • Creating new E-Verify cases due to corrections made to the Form I-9 if the employee already received an “employment authorized” result.
  • Using predictive text or post-dating a Form I-9.

To the extent your I-9 protocols include any of the practices recommended for avoidance, we strongly recommend that you terminate such practices and seek legal advice regarding correction and remediation.

Conclusion

If you have any doubts as to the compliance capacities of your current I-9 software program, there is no time to lose in contacting your vendor to address the issues raised herein and to provide you with assurances that it will be able to successfully demonstrate that it meets or exceeds the compliance standards established by ICE.