Are We Compliant? Seeking Advice on Storing Employee Investment Proofs Online

Hi, I represent an HRMS service provider IT company. For a few of our clients, we have started investment portals where investment proofs are submitted online (scanned copies) by the employees. We verify the investments "online" and update them. We maintain the soft copies for future reference on a cloud-based server.

Now, the advice I solicit from all the senior subject matter experts is... Is there any non-compliance under any act here? If so, how do we regularize it... Request suggestions...

Compliance and Operational Aspects of Investment Portals

The method you are specifying is for the convenience of the employees. The method you proposed needs to be checked for compliance and operational aspects as below:

Compliance Responsibility

The compliance issue you are concerned with lies with the employer. As per the IT department, the employer has to consider the proofs, compute tax, deduct at source, and deposit with the IT department.

Employee's Role in Investment Declaration

Declaring investments is the responsibility of the employee. To address this, the employer needs to have a self-declaration from the employee, which usually states that the proofs are authentic, complete, and further allows the employer to deduct tax based on the proofs. Check how you are managing this.

Verification and Updates

Then you are going to "Verify" and "Update" the investments. I assume this is necessary if an employee uploads incorrect documents either erroneously or purposely. Will there be any alert to the employee about updates?

Role in Tax Clarifications

The tax department sends a notice to the employee if any clarification on tax is required. What will be your role in this situation when an employee needs documents of investments considered in tax computation?

Yes, as rightly mentioned by you, we do follow the same process of declaration by the employee. We deduct tax based on the declaration, submission of authentic documentation by the employee, verify the authenticity, and reject and communicate back to the employee in case of discrepancies. If the employee isn't satisfied with the discrepancy, then we deduct the tax as per the liability, barring the discrepant investment. From a process perspective, it's a convenience for managing a huge employee base across a larger geography. Remittances, filing of returns, and further procedures are as per the provisions of the IT Act.

Legal and Compliance Concerns

However, our concern is, "Is there a legal/compliance objection in terms of doing the whole exercise on the web, maintaining soft copies instead of papers on a cloud server?" Does any act specify/prevent maintaining soft copies of investments on a cloud server?

For example, although time punches are nowadays captured using biometric or swipe cards, organizations need to have written consent from the ALC office.

Regards, Vidyesh