PEO Regulators... Why ESAC is Important

PEO Credentials

ESAC's accreditation and financial assurance program provides ongoing verification that a PEO is meeting ethical, financial and operational standards specific to the unique operations of the PEO industry.

A variety of other business-related credentials provide additional methods for checking a PEO's adherence to specific business operations. Use the following chart to compare these additional types of credentials (see footnotes for descriptions of each credential):

Credential(s) Verified
ESAC Accredited & BondedIRS
Audited State LicensedSSAE 16 (SAS70)ISO 9001:2015 WC Risk Mgt Cert
Federal employment tax payments     
State & local employment tax payments      
Retirement plan contributions      
Health benefit plan payments      
Workers’ comp plan payments      
Industry ethical, operational & financial standards compliance      
State licensing / registration     
Annual independent CPA financial audit     
Financial assurance of payment of key employer responsibilities      
Internal controls effectiveness      
Quality management systems conformity      
WC risk management best practices compliance      

ESAC Accredited Bonded
ESAC accreditation is the gold standard for reliability in the PEO industry. As illustrated in the above chart, accreditation also verifies a significant number of other important PEO credentials, as well as verifying that the PEO is owned and operated by qualified people who have a personal and business track record of meeting their financial and legal obligations. ESAC's financial assurance program backs an accredited PEO's performance of key employer responsibilities with individual surety bonds held on behalf of each accredited PEO plus a $15 million excess bond covering all accredited PEOs. Bonds are backed by an A-rated surety carrier licensed in all states.

IRS Certification:
Passage of the Small Business Efficiency Act in 2014 provides congressional validation of PEO service value. IRS certification confirms a certified PEO's payment of its federal employment tax obligations.

Audited Financial Statements:
Audits by an independent CPA are typically performed annually and reflect a "look-back" at the most recent 12-month fiscal year of the PEO’s operations. It is important that all PEO entities under common ownership control are included in the CPA's audit on either a combined or consolidated basis to ensure the PEO's financial stability is not misrepresented. Such statements should demonstrate adequate net worth and working capital, including sufficient financial reserves for any loss-sensitive or self-insured benefit or insurance plans. You can use ESAC's financial standards as a guideline in verifying the adequacy of PEO financial statements.

State Licensing/Registration:
Most states now have specific PEO licensing or registration requirements, ranging from minimal to much more extensive reporting. Currently, states monitor compliance of the PEO entity(ies) operating in their state and do not monitor the compliance of other PEO entities under common ownership control. This limits the effectiveness of a state's ability to pre-emptively detect financial issues that may begin developing in a non-licensed entity under common ownership control. ESAC verifies the compliance of all related accredited PEO entities in all states. Due to ESAC’s extensive compliance verification, a growing number of states rely on ESAC's services as part of the state’s PEO licensing/registration program.

Workers' Compensation Risk Management Best Practices Certification:
This PEO-specific certification program provides ongoing independent professional verification that a PEO is meeting proven insurance industry risk management best practices to reduce work-related accidents and health exposures and control WC insurance losses. Certification provides assurance that the PEO has the capability to deliver important risk management results to companies with safety or workers' compensation issues. Learn more about certification for workers' compensation risk management best practices.

SSAE-16 (formerly SAS70):
The SSAE-16 standard outlines requirements for an auditor to perform an attestation engagement to report on the internal controls of a service organization. Auditors review a management-prepared description of a service organization’s procedures and systems and test a sample of each control for its effectiveness. A Type I report expresses the auditor's opinion of the design effectiveness of internal controls at a point in time, while the more valuable Type II report covers the operating effectiveness of internal controls for a specified period of time.

ISO 9001:2015:
ISO 9001:2015 provides a set of standardized requirements for quality management systems, but does not dictate how the requirements should be met in any particular organization. The standard requires the organization to self-audit its ISO 9001:2015-based quality system to verify that the organization is managing its processes effectively. In addition, the organization may invite its clients to audit the quality system in order to give them confidence that the organization is capable of delivering products or services that will meet their requirements. Lastly, the organization may engage the services of an independent quality system certification body to obtain an ISO 9001:2015 certificate of conformity. Learn more from