Problems with Stripe Atlas Incorporation for Canadians
We frequently work with Canadian startups operating a U.S. (usually Delaware) company incorporated on their behalf by Stripe Atlas. On the surface, Stripe’s assistance with incorporating this U.S. company seems convenient and an easy way to meet the U.S. entity requirements to use the Stripe payment processing platform. However, a number of material issues are generated by Stripe when it incorporates a U.S. company on behalf of a Canadian startup.
Problem #1
It’s critical to understand that a U.S. company cannot operate out of Canada without registering as doing business in Canada (thus exposing the company to unnecessarily complicated Canadian/US dual taxation), which Stripe does not address in its standard documentation.
The common solution to this is to treat the U.S. company as a parent to (or as a subsidiary of) a new Canadian company and isolate each company’s tax obligations in their respective countries.
Problem #2
Your U.S. company formed by Stripe needs to transact with your Canadian company on an arm’s length basis, taking into account tax transfer pricing rules. If you don’t engage in tax planning around the flow of cash and assets between the two companies, expect expensive tax problems in the future
These tax issues can typically be addressed through cross-border tax planning as documented in an Intercompany Agreement in which we address the flow of cash and assets between the two companies. For example, in the agreement we can address which company books sales in which countries and how the cash from these sales moves between the companies.
While Stripe Atlas touts the ease and speed with which a U.S. company can be incorporated, it neglects the massive cross-border legal and accounting issues that forming a U.S. company abroad generates. If these issues are understood before incorporating, Stripe Atlas can be a valuable tool but, if not understood and planned for, expect it to generate more problems than it solves for.
Employees Disguised as Contractors
As your company grows, you may be looking to expand your team and add to your workforce. When hiring additional employees or engaging independent contractors you need to be well-aware that an independent contractor may actually be considered an employee, regardless of how you label the person.
Employees are entitled to rights pursuant to the applicable Employment Standards Acts (based on the province the employee resides) such as: (1) vacation pay; (2) overtime pay; (3) statutory holidays; (4) notice period or payment in lieu of such notice period upon termination; (5) severance pay; and (6) employment insurance benefits.
Independent contractors are not entitled to such benefits. However, if a government authority determines that an independent contractor is actually an employee based on the factual relationship between the parties, the independent contractor will be entitled to all of the above rights and there may be penalties that come with such determination.
There is no one test to determine whether a worker is an employee or an independent contractor, but here are some factors to consider when engaging an independent contractor:
Level of Control: Does the worker set his/her own hours of work? Does the worker determine how the services are to be completed?
Equipment: Is the worker required to provide his/her own tools and equipment for work?
Sole Income: Is the employer the sole source of income for the worker? Is the worker prohibited from taking other jobs?
Subcontractors: Is the worker allowed to engage subcontractors for the services?
Opportunity for Profit: Is the worker taking on a chance for profit and a risk of loss?
Compensation: Is the worker providing monthly invoices to the company?
The above factors may all be considered when determining whether a worker is an employee or an independent contractor. If a worker who you presumed to be an independent contractor is determined to an employee, you may face fines and penalties including and related to unpaid vacation and overtime pay, severance pay, employment payroll taxes and employment insurance deductions and remittance. All of which are costly, so way the least!
In summary, you will need to assess the relationship between the company and each of its potential workers before determining whether to commit to an employee or contractor relationship, something that your legal team is best suited to assist with to avoid costly penalties down the road.
Changes to California’s Privacy Law – Consumer Privacy Rights Act
On November 3, 2020, California voters approved the California Privacy Rights Act (CPRA), which replaces the California Consumer Privacy Act of 2018 (CCPA).
The CPRA expands consumers’ rights regarding protection of personal information. Companies collecting personal data should review the changes to ensure compliance. Indeed, we anticipate that enforcement of these laws will drastically increase when the CPRA comes into effect
For many companies, the CPRA may not directly apply, but companies may be contractually obligated to comply with the law if they conduct business with large tech firms. As as a result, it will be prudent for many companies to comply in order to ensure they can continue to service their clients.
Major changes include:
- Enforcement
The CPRA creates the California Privacy Protection Agency, a government body tasked to make the regulations and enforce the CPRA. It is predicted that the CPRA will increase the level of enforcement because it is partially funded by the fines.
- No more warnings
The new law eliminates the 30-day cure period provided by the CCPA. The CCPA provided notices to businesses not complying with the law and allowed them to fix the violations within 30 days without having to pay fines. The notice and cure period no longer exist with the CPRA.
- Sensitive Personal Information
The CPRA creates a new subcategory of personal information, which includes information such as biometric information and contents of e-mails and texts. Collection of sensitive personal information compels additional disclosure, opt-out and use requirements.
- Expansion of Consumer Rights
Consumers now have the right to opt-out of businesses sharing and selling their personal information. Under the CCPA, consumers only had the right to opt-out of the sale of their personal information. Consumer also have the right to request businesses to delete their personal information and businesses must notify third parties to delete the personal information as well.
The CPRA will become effective on January 1, 2023 with a look back period of 12-months so businesses will need to comply by January 1, 2022.
The CPRA will likely be the foundation for privacy legislation in other states and on a federal level. Similar laws will pass in the near future in many states including Washing and New York and on a federal level in both the US and Canada.
In this constantly changing regulatory environment, it will be critical to review your data collection practices and Privacy Policy to ensure that your company remains compliant and to avoid enforcement actions.
California Consumer Privacy Act comes into Force Jan. 1, 2020
The California Consumer Privacy Act (the “CCPA”) is a new law intended to enhance privacy rights and consumer protections for California residents, which comes into force on January 1, 2020.
In the lead-up to the CCPA coming into force, this blog post covers three common questions we receive: (1) do I need to comply? (2) when do I need to comply? and (3) what happens if I do not comply?
1. Do I need to comply? Probably, but not directly. Most companies that operate from Canada or in states other than California, will not directly have to comply with the CCPA as the territorial scope of the law is fairly limited, especially when compared with the EU’s General Data Protection Regulations (the “GDPR”). To fall under the territorial scope of the CCPA, you have to be a for-profit business doing business in the State of Californiaand have one of three factors apply:
(a) gross revenue of over $25,000,000 USD;
(b) handle the personal information of more than 50,000 consumers, households or devices (it is unclear in the Act, at this stage, whether this is a California or world-wide number); or
(c) derive more than 50% of annual revenue from the selling of consumers’ personal information.
While the CCPA may not apply directly to many companies, as we saw with the GDPR rollout in 2018, the CCPA will likely indirectly apply as major tech companies like Google and Apple will have to comply with this law and as such, they will likely require, as part of their own compliance requirements, that companies they do business with that collect personal information also comply. The extent of this indirect compliance is currently unclear and may only apply to certain provisions of the CCPA.
2. When do I need to comply? The effective date of the CCPA (the date at which the CCPA becomes law), is January 1, 2020, and while enforcement by the California Attorney General’s office may not begin until supporting regulations are finalized (deadline for regulations is June 1, 2020), we recommend that companies that need to comply directly begin compliance work immediately and aim to be fully compliant by January 1. Companies that only need to comply indirectly may have some time to wait and see how the CCPA will affect contracts and terms with CCPA compliant companies but it won’t hurt to be compliant by early 2020.
3. What happens if I do not comply? Beware of the cost! There are several penalty clauses in the CCPA, including $2,500 for each non-intentional violation and $7,500 for each intentional violation. If you have over 50,000 users, these penalties can easily amount to over $125,000,000. For companies that will have to comply indirectly through contracts or user agreements, beware of indemnification clauses and other liability amendments that may push these penalties onto your company.
For many companies, the CCPA may not directly apply. However, it’s important to monitor CCPA factors, relative to your company’s business, to ensure that you do not miss compliance should a factor be met in the future – this is especially important in rapidly growing startups where it’s easy for a compliance obligation to be missed. Even if the CCPA factors are not met, there may be an obligation to comply as large tech companies will likely be complying and force compliance on everyone else they do business with.