This guide is for founders starting a fully remote company in the United States.
- How to incorporate without an HQ
- Avoiding common pitfalls with addresses and mail
- How to hire remotely
- Setting up payroll in multiple states and countries
- How to stay compliant and avoid penalties
- How to implement security and stay safe
- Running the company asynchronously
Choose a unique-ish company name that is available in every state.
Company names are unique by state (it’s actually much weirder than that: you can have the same name as a company that is a different entity type like an LLC and sometimes if the other company gives you permission). You generally can’t register a company that has the same name as an existing company even if it’s no longer in business and even if it has a different suffix like Inc and Corp.
For fully remote companies it’s even more difficult. Through the course of growing the business you’ll end up operating in many states. If you are operating in many states, chances are you will end up registering as an out-of-state company at some point and guess what? You’ll need a unique company name there too. If it’s not unique you will probably need to register a DBA (doing business as). Multiply that by the number of states and Common Name, Inc. just generated a bunch of work for you forever.
My company Mosey was originally Mosey, Inc. but we changed it to Mosey Works, Inc. for this very reason.
How to check
At a minimum you should check your home incorporation state and where your founders live. Your incorporation state because, well you can’t register the company if it’s not unique, and the state you live because you will probably register there too. California is particularly good at enforcing this.
You can check if your company name is available by searching the Secretary of State’s business directory. Every state has a public registry (except Texas costs $1.00 for some reason?) that you can search to see if your company name is taken.
You don’t need to match the company name to your product name, those are different things and names change. Try not to spend too much time optimizing this.
Use a virtual mail address as your corporate and mailing address
When you incorporate, make a virtual mailing address your company address and mailing address. Delaware is fine with this and so is the IRS. Most states and agencies are as well. Note: it should not be a P.O. box as most agencies and financial institutions will not allow you to use one. A PMB (private mailbox) works fine though.
Don’t use your home address. You’ll get endless spam.
Set up the virtual mail address to an address in the state you are headquartered.
But where is a fully remote company headquartered?
Many institutions don’t understand that there is no physical office for a distributed company. Your headquarters or main office is the place where the CEO lives or where you have the most officers CFO, Secretary, etc.. These people are all named when you incorporated.
Use your virtual address everywhere. Tell your lawyers to use it. Tell your accountants to use it. Don’t use your home address. List it as the address when registering for any accounts. Yes you can change your address, but it’s a lot of work to change everywhere and you won’t want to deal with that later.
Where you need to pay payroll taxes
The address you provide to your payroll provider determines which state you are paying taxes in. If you live in CA you pay CA taxes. There’s a ton of nuance here, but don’t overthink it—where you live is where you pay taxes and where appropriate payroll taxes need to be remitted.
The US tax code makes digital nomads unrepresentable. Working anywhere for an extended period of time (months) means there is likely a tax obligation there.
You’ll need to set appropriate expectations with you employees about moving around. Every time they change their address for tax purposes, they are also going to have to file a tax return in that state.
Workers compensation insurance
Remote locations will use the employees home address. This is unavoidable but it’s not public as it is with the incorporation information. You will update your policy every time you have an employee in a new state.
In my experience, the whole policy gets replaced each time you add a state which can be pain in the butt. You will get a big ol' packet in the mail each time.
Registration and Foreign Qualification
You should probably register with the SoS where the business is headquartered. This is a business decision, but just know that California will come after you fairly quickly.
Whenever you register with the Secretary of State it typically comes with an annual report and some manner of taxes (a franchise tax, corporate income tax, excise tax, etc.). This is a meaningful amount of additional work and experts are split on whether you need to do this for remote hires at all.
This is also where your address discipline is important. Information about each officer and owner will become public and you can typically search for it online. To protect privacy, use the business address and business phone number for each person. (If you already have a board of directors they will be listed too so keep privacy in mind).
HR and Labor Laws
Where you have employees is where you have to follow the state’s employment laws (in addition to federal laws). The rules change as you company changes and as legislation changes. Then there’s emergency orders and even retroactive requirements.
Mandatory notices and posters
This sounds silly for a technology company that is fully remote—where do I put the break room posters if everyone works at home? Well, it’s still up to you and if something happens (it’s very easy for someone to complain to the Department of Labor) those seemingly unimportant notices are what is going to get you into trouble. One way to look at it is it doesn’t matter til it matters, but a better way is to treat this as part of being employee friendly and helping them understand their rights.
[More here soon]
[More here soon]
Hiring the team
Something I see startups do wrong is hiring in timezones that don’t allow for enough overlap time
A good rule of thumb to start with is that everyone should work from a timezone within three hours of each other. Any more than that and scheduling becomes a meaningful barrier to collaboration.
As a simple example, consider this scenario. You need to schedule an important meeting. You don’t want to annoy the attendees by scheduling over someone’s lunch or making them stay up late or wake up early. Everyone works a standard 9am to 5pm.
|2 TZ, 3 hours apart||4|
|3 TZ, 3 hours apart||3|
|2 TZ, 6 hours apart||2|
Is having friction around meetings a bad thing? Ideally no, practically yes. Put another way, where do you want to innovate—collaborating as a distributed team in many timezones or on your product?
Expectations for working hours and working environment
Greater flexibility in work location is not the same as flexibility with working hours. It’s important that the team has consistent working hours so that synchronous communication and collaboration can happen at predictable times.
Similar to the issue with timezones, working hours makes it easier for the team to get their work done with less hindrances. Irregular work hours leads to bad habits like ‘making up hours’ at night or over the weekend.
Working environments also impact the team. Reliability of internet connection and background noise is a good proxy for the quality of a remote team’s working environment. Bad internet connection impacts everyone you work with and slows everything down. Noisy and distracting environments similarly effects the quality of the individuals work and whomever they are working closely with.
Make accommodations based on people’s needs, but be consistent and explicit about expectations.
Setting up async communications with the early team
Just about anything works with a team of less than 5 people, but I’m of the belief that writing and async work is a practice that makes sense to develop from day 1.
Why writing? Writing is thinking and working out your thoughts ahead of time prevents meetings and leads to better ideas.
As a remote team your bar for security needs to be higher.
I would recommend starting with GSuite right away. Gmail is ubiquitous at this point, but the other important part is using Google as an authentication solution. Logging in with a google account removes storing lots of passwords and makes automation easier to revoke access if someone leaves. For example, you can disable logging in with anything by Google in Slack.
Everyone should use a password manager using a company account. 1Password is great for this. Set the expectation early that credentials should be stored and passwords should be generated using a password manager. Don’t try to clean this up later, get it right from the start.
Do you need a VPN? I’m kind of split on this. Yes you have little control over the network that remote employees use to do their work, but the combination of the above two items helps mitigate them. At some layer, you need to trust the network (even with a VPN), but it seems reasonable to skip the VPN until you really need it.
There’s plenty written on this topic already so I won’t repeat it at the risk of getting it wrong. If you’re dealing with sensitive data (who isn’t?), start from a strong foundation because it’s easy to iterate on early when you have no data.
My two cents, outsource this completely using some PaaS, or go all in on the AWS ecosystem (IAM for authentication, KMS for encrypting secrets, VPC to lock down ingress/egress) right away. Either way, pretend laptops will get lost or stolen (they will)—there’s a greater chance of that happening as remote teams are more mobile.