Issue 12: Compliance Theatre Is Creating Fiduciary Risk for Corporate Leadership
By the Time Tax Authorities Get Involved, the Governance Failure Has Already Happened
David Ballew, Founder & CEO
Originally published: 15 March 2026
This analysis is based on Nimble Global's proprietary research and 30+ years of practical experience across over 90 countries.
Across the workforce industry, organisations talk extensively about compliance.
Panels debate it, conferences promote it, and vendors regularly promise it. Yet far fewer organisations focus on governance, the systems that verify whether compliance is actually happening.
When you step back and examine how many organisations actually operate, a different reality often emerges.
A phrase from the legal world comes to mind:
Remove the noise and focus on the signal.
The theatre is noisy and easy to see and hear: vendor presentations describing ‘compliant’ workforce solutions, contracts filled with indemnification clauses and flow-down language, and policies that explain how things are supposed to work.
The signal is harder to find: actual governance systems that verify whether those things are happening in practice.
Workforce models are no longer defined primarily by direct employment. Organisations now operate in complex ecosystems involving staffing suppliers, MSPs, subcontractors, EOR/AOR providers, platforms, consultancies, and freelance workers. In that environment, the distinction between compliance theatre and genuine governance becomes critical.
Remove the noise, and a fundamental governance question appears:
Who is responsible for ensuring that these increasingly complex workforce supply chains are actually compliant?
For corporate leaders and boards with fiduciary oversight responsibilities, that question is no longer optional.
Fiduciary duty is about oversight, not operations
At its core, fiduciary duty requires directors and senior officers to act in the best interests of the company and exercise reasonable care, skill, and diligence in overseeing corporate activities. While legal frameworks differ across jurisdictions, the underlying principle is remarkably consistent: corporate leadership must ensure that appropriate governance systems exist to detect and manage legal risk.
In the United Kingdom, these duties are codified in the Companies Act 2006, which requires directors to promote the company's success and exercise reasonable care, skill, and diligence in carrying out their responsibilities.
In the United States, courts have further expanded the concept of board oversight responsibility. The landmark decision in In re Caremark International Inc. Derivative Litigation established that directors must ensure systems exist to monitor legal compliance and corporate misconduct. Later, Stone v Ritter clarified that boards may face liability if they fail to implement monitoring systems or consciously ignore compliance risks.
Canadian jurisprudence reflects similar expectations. In BCE Inc v 1976 Debentureholders, the Supreme Court of Canada confirmed that directors must act in the best interests of the corporation while considering broader stakeholder impacts. Although Canadian courts have not adopted the exact Caremark doctrine used in the United States, directors are still expected to ensure that appropriate governance and risk management systems are in place.
The principle is simple.
Leadership must ensure systems exist to detect and manage legal risk.
Good intentions do not replace proper governance. Courts have repeatedly emphasised that directors must ensure corporate decisions and operational structures are lawful and appropriately governed.
The concept of governance oversight is therefore not merely theoretical. Across multiple jurisdictions, courts have made clear that leadership cannot rely solely on policies, contractual assurances, or supplier representations. Effective oversight requires systems that verify whether compliance is actually occurring in practice.
The workforce model itself is changing
Many organisations now operate complex workforce ecosystems involving staffing suppliers, MSPs, subcontractors, consultancies, talent platforms, and independent professionals. In some organisations, the external workforce already equals or exceeds the internal employee population.
These models effectively create workforce supply chains involving multiple legal entities and jurisdictions.
Each additional layer introduces potential exposure across areas such as worker classification, payroll and tax compliance, employment law obligations, immigration rules, and permanent establishment risk.
Contracts attempt to manage these risks through indemnities and flow-down clauses.
Governance systems are what detect problems before they escalate. Contracts allocate responsibility after something goes wrong.
Governance failures rarely appear in contracts
Most organisations attempt to manage workforce risk through contractual protections such as indemnification clauses, flow-down obligations, and supplier warranties. These mechanisms are important, but they address liability after a problem occurs.
Governance operates differently. Governance systems exist to detect risk before it escalates. They answer practical questions such as:
Do we know all the suppliers involved in the workforce supply chain?
Are subcontracting relationships visible?
Are classification practices consistent across suppliers?
Do leadership teams have visibility into workforce risk comparable to financial or cybersecurity risk?
Without governance systems that answer these questions, contractual protections alone cannot prevent compliance failures. They simply determine who may be responsible once the problem becomes visible.
Past Success Is Not Evidence of Present Compliance
A common executive response to workforce governance concerns is straightforward:
‘We’ve never had a problem before.’
That argument ignores three major structural shifts.
Workforce models are becoming more complex as organisations rely increasingly on external labour.
Workers have never been more informed about their legal rights and remedies.
Governments around the world are actively introducing legislation focused on gig work, contractor classification, and platform labour.
These forces create a new risk environment. Past experience is no longer, and in reality rarely was, a reliable predictor of future exposure.
How workforce investigations actually begin
Many corporate leaders assume major compliance cases begin with deliberate misconduct.
In practice, they often begin with something much smaller.
A single worker files a complaint.
A contractor questions their tax status.
A routine payroll audit identifies inconsistencies.
A whistleblower raises concerns about subcontracting practices.
What begins as a narrow inquiry can quickly expand. Regulators rarely examine only the individual complaint. They ask broader questions:
How many workers are engaged under this model?
Which suppliers or subcontractors are involved?
Are similar practices occurring across the organisation?
What governance systems exist to monitor compliance?
If systemic issues are identified, enforcement actions may expand far beyond the original complaint. At that point, the question often shifts from operational error to governance oversight.
The issue is then no longer operational compliance. It becomes a question of governance oversight and, therefore, a question of fiduciary responsibility.
Questions board members should be asking management
Directors responsible for governance oversight must understand how their organisation manages workforce risk.
Key questions include:
Do we have a complete map of our external workforce supply chain?
Yes / No
If No: Who currently owns visibility of the external workforce supply chain?
Is one executive clearly accountable for workforce compliance governance?
Yes / No
If No: Which function currently assumes this responsibility?
Do we have systems that monitor compliance across suppliers and subcontractors?
Yes / No
If No: How is supplier compliance currently monitored?
Does workforce risk appear in enterprise risk reporting to leadership or the board?
Yes / No
If No: Where is workforce risk currently reported, if anywhere?
Has the workforce programme ever been independently assessed by a party not involved in operating the programme?
Yes / No
If No: When was the last formal internal review conducted?
If Yes: When was the most recent independent assessment completed?
Interpreting the results
Five Yes answers: Governance oversight appears mature. Periodic independent validation should still occur to ensure controls remain effective as the workforce programme evolves.
Three to four Yes answers: Governance structures exist, but may contain gaps. An independent review can help identify blind spots between policy, supplier activity, and operational reality.
One to two Yes answers: The organisation may carry significant unmanaged workforce risk. Leadership visibility and governance oversight are likely limited.
Zero Yes answers: The organisation may be relying primarily on contractual assurances rather than governance oversight, creating potential regulatory, tax, and reputational exposure.
Governance, not just compliance
Workforce compliance failures typically begin with governance gaps rather than misconduct.
More often, they arise from fragmented supply chains, unclear accountability, and limited visibility into operational practices. As workforce models and systems continue to evolve, organisations that treat workforce risk as purely operational may find themselves reacting to problems after they occur. Those who treat it as a governance responsibility will be far better positioned to identify and manage those risks before they escalate.
The future of workforce management will be defined by governance, not by contracts alone or operational efficiency.
Stay Nimble. Stay Compliant.
About the Author: With extensive experience in workforce compliance and global workforce solutions, David Ballew has consistently driven innovation and operational excellence. As the Founder and CEO of Nimble Global, David combines deep industry expertise with a unique perspective shaped by his neurodiverse AuDHD profile, enabling creative problem-solving and multidimensional insight. A pioneer in MSP models and workforce technologies, he is dedicated to bridging global compliance gaps and helping organisations build resilient, future-ready workforces.
Real People. Real Action. Real Innovation.
Disclaimer: This content is intended for informational purposes only and does not constitute legal, tax, or employment advice. Readers should consult qualified professionals in relevant jurisdictions before acting on the guidance provided. Nimble Global disclaims any liability for actions taken based on this publication.