Guide · Compliance
The six compliance questions that protect you.
Under India's Contract Labour Act, you're liable for your vendor's PF and ESI defaults. Here's how to check.
Manjunath S L 15 years in Bengaluru facility operations 40+ active sites 150+ people on ground
Every Bengaluru admin head who has signed a housekeeping or security contract has, in that moment, taken on more legal exposure than they probably realize. Under the Contract Labour (Regulation and Abolition) Act, 1970, the principal employer — your company — is jointly liable for the contractor's statutory compliance. If your vendor's Provident Fund filings default, the notice can land on your company's registered office. The vendor signed the contract; the Act holds both of you accountable.
This guide lists six questions you can ask any vendor — ours included — to check whether their compliance is operational, paper-thin, or absent. Ask them monthly. Keep the answers on file. Follow up when dates slip. The questions are small; the protection they give you is not.
Why compliance audits fall on you
Most admin heads first learn about joint liability when a notice arrives. By then, the vendor has usually already stopped filing. This section explains the exposure in plain language, without the legal paragraph numbers.
The Contract Labour Act was written to prevent large employers from using contract staffing as a way to avoid statutory obligations. The law's logic is simple: if the work benefits your company, the law views you as partially responsible for the wellbeing of the people doing it. That includes whether their PF is deposited, whether their ESI is current, whether they get the bonus they're entitled to, and whether the wage register reflects what they were actually paid.
When a vendor defaults, the Employees' Provident Fund Organisation (EPFO) does not only pursue the vendor. Recovery notices regularly name the principal employer as a co-respondent. For ESI, the Act is similar. In practice, most of our clients who inherited us from a prior vendor discovered old compliance gaps in the first month — gaps the prior vendor had assured them were fine.
The good news: the same Act gives you the right to demand proof, in writing, every month. The six questions below are the checks a procurement committee can run on any vendor without a lawyer in the room.
The six questions, in order
1. Can you share your CLRA license number and validity date?
What a good answer looks like. A good vendor provides the license number, the issuing authority (Karnataka Labour Commissioner for most Bengaluru vendors), the validity date, and a PDF copy within the same day. The number should be verifiable against the state labour department's public records. Validity is annual and must be renewed before it expires.
What a bad answer looks like. A bad answer is any version of 'we're updating our license' or 'the license is in the parent company's name.' CLRA licenses are site-specific or firm-specific by design — you need to see the license under the name of the entity that will invoice you. If the vendor can't produce the document within 24 hours, assume it doesn't exist in current form.
2. Can you share the last three months of PF challan copies?
What a good answer looks like. A good vendor sends three PDFs: one per month, each showing the establishment code, the employee list contributions were filed for, the total contribution amount, the transaction reference number from EPFO's online portal, and the filing date (which must be on or before the 15th of the following month). Each challan should match the number of staff the vendor actually deployed on your site — if your building had 8 housekeepers that month, the challan should include 8 names under your site code, not 2.
What a bad answer looks like. A bad answer is 'we file at the firm level, not the site level' followed by a single challan that doesn't tell you which employees it covers. That's a red flag because it means you can't verify whether the people on your floor were actually in the filing. Another bad sign: challans without transaction reference numbers (suggesting they are draft forms, not filed returns).
3. Can you share the last three months of ESI challan copies?
What a good answer looks like. ESI is applicable for staff earning up to ₹21,000 per month — which covers almost all frontline housekeeping and security. A good vendor produces three challans, each listing the employees covered under your site and the contribution amount. ESI deposits are due by the 15th of the month following the wage month. The dispensary code on each employee's ESI number tells you which ESI hospital they can access — your admin team should have this list.
What a bad answer looks like. Bad answers here are of two kinds. The first: 'most of our staff earn above ₹21,000 so ESI isn't applicable' — verify this against the wage register; it's rarely true for housekeeping and security in Bengaluru. The second: ESI challans that cover half the staff on your site, with the other half described as 'under the firm's other establishment code' — that often means the other half weren't registered at all.
4. Do you maintain a wage register under Form XVII (or digital equivalent)?
What a good answer looks like. A good vendor shares a sample page showing each employee's name, days worked, daily wage rate, total earnings, deductions (PF, ESI, any advances), net paid, and a signature or digital acknowledgement. The numbers on the wage register should match the numbers on the PF and ESI challans. Digital registers are legally acceptable in Karnataka if they are timestamped and non-editable after payment.
What a bad answer looks like. A pre-printed wage register — rows of identical numbers, signatures that look suspiciously similar, no variation for absent days or leave — is a classic red flag. It usually means wages on paper do not match wages paid. If you want to quickly test a vendor, ask for the wage register for the same three months as the PF and ESI challans and cross-check three random employees. Honest vendors will not mind the check; cheating vendors will delay.
5. Are uniforms, boots, ID cards provided at your cost — or deducted from wages?
What a good answer looks like. A good vendor provides uniforms and basic protective equipment as part of the operational overhead, not deducted from the employee's first month's wages. The cost appears in the vendor's proposal as a line item under the vendor's side of the cost stack. Replacement cycles (typically two sets of uniforms per year) are specified.
What a bad answer looks like. A vendor who deducts uniform cost from first-month wages is, in most cases, below the minimum wage on that first cheque. This is a compliance violation regardless of how the employee 'agreed' to it at hiring. If you ask for the wage register, this will often show up as a 'uniform deduction' line that you should press the vendor to explain.
6. What is your average attrition rate for site-deployed staff, and how is continuity protected?
What a good answer looks like. A good vendor will tell you their rate without hedging: 30 to 50 percent is industry reality for housekeeping and security in Bengaluru. Anyone claiming under 20% is likely counting differently (e.g. excluding probation-period exits, or counting only supervisors). The more important question is the follow-up: how is continuity protected? Acceptable answers include a named second-in-line supervisor trained alongside the primary, written SOPs stored centrally (not in one person's head), and a published reliever response time — e.g., 'within 2 working hours from a confirmed no-show, from a standing reliever pool.' Vendors who can name this number operationally have thought about it; vendors who say 'we'll arrange' are guessing.
What a bad answer looks like. A vendor who claims zero attrition is either inexperienced, misleading, or managing a site so small that statistics don't yet apply. A vendor who admits the number but has no continuity plan is being honest about the problem but has not solved it — which means you will feel the turnover every quarter.
What to do with the answers
The answers only matter if they are requested, filed, and followed up. A procurement committee that asks once and forgets is not protected by having asked.
Build a simple monthly compliance ritual. The 10th of each month is a good cutoff — PF and ESI challans for the previous month should be filed by the 15th, so a 10th-of-month ask gives the vendor five days and your team five days to verify. Include the request in your admin team's SOP: same date, same template, same storage location.
"For our monthly compliance file, please share PF challan, ESI challan, and wage register sample for the previous month by the 10th. Our compliance review is on the 12th; any gap triggers an escalation call with operations."
A template line that works: 'For our monthly compliance file, please share PF challan, ESI challan, and wage register sample for the previous month by the 10th. Our compliance review is on the 12th; any gap triggers an escalation call with operations.' Send it once; then send it again on the 10th every month. Vendors who run clean operations find this easy. Vendors who don't will eventually tell you, by their delays, what they are.
If a filing is late, escalate within the same week — not at quarter-end. Late filings compound: a delayed PF filing in April becomes a penalty in May, becomes a notice in June, becomes a notice to you in July. The vendor who filed on time pays nothing; the vendor who filed a week late pays ten percent penalty; the vendor who didn't file at all generates a notice that names the client. Same document, three different outcomes, determined by a phone call in the second week of the month.
The red flags
- "We'll send those later" — the most common stall. Filings either exist or don't; there is no 'later.'
- "We're updating our license" — if the CLRA license is genuinely being updated, the vendor has a receipt and a current provisional document.
- Wage register with pre-printed signatures, identical amounts across months, or no variation for weekly offs.
- Attrition rate claimed under 20% — industry reality in Bengaluru is 30 to 50%; below that is either a counting trick or a very small sample.
- Uniforms or deposits deducted from the first month's wage without explicit line-item breakdown.
- Unwillingness to name the supervisor's second-in-line — means the plan doesn't exist.
- PF challan without transaction reference number — means it may be a draft, not a filed return.
How PROWESS handles these
PROWESS files PF and ESI challans by the 7th of every month — a week ahead of statutory deadline, because small buffers prevent last-week cascades. Our CLRA license is current; we provide the number and validity on any proposal that moves to commercial discussion.
Our clients receive a monthly compliance pack emailed on the same calendar day every month. It contains the PF challan, the ESI challan, the wage register sample for any audit-ready sampling, and the attendance summary. Clients do not have to ask. If the calendar day is a Sunday or public holiday, the pack arrives on the next working day.
We take the view that compliance is not a feature of our service — it is the baseline legal condition of our service. If a client ever has to prompt us for a challan, that is a failure we log internally. The system is designed so that they don't.
Frequently asked questions
How often should I audit my vendor's PF filings?
Monthly. PF is filed monthly; an annual audit catches gaps twelve times too late. A ten-minute check on the 10th of each month is the right cadence.
What happens if my vendor defaults on PF?
The EPFO can issue recovery notices to both the vendor and the principal employer. In practice, the notices typically name the principal employer because the employer is the more findable entity. Remediation means paying the arrears plus interest and then pursuing the vendor for recovery — a long process.
Can I request historical compliance records from a current vendor?
Yes. Under the Contract Labour Act you can request all statutory documents — PF challans, ESI challans, wage registers, CLRA license — for the entire period of engagement. Vendors are obliged to provide them. A vendor who refuses is, by doing so, telling you something.
Is monthly compliance the same as an annual audit?
No. Monthly compliance is operational verification that a filing happened and matches the deployed headcount. Annual audit is an independent third-party review that catches systemic gaps — misclassified wages, uncovered employees, CLRA license lapses. Both are necessary. Monthly is the first line of defense.
Want us to walk your site?
If you've read this far, you're taking compliance seriously. We'd be glad to show you how ours runs.