LCA Posting & PAF Compliance: Why ‘CYA Emails’ From Immigration Firms Are Not Enough

by Roman Zelichenko

For years, H-1B compliance at many immigration law firms has rested on a simple strategy: send the client emails with the information they need, you're all set.

These emails are usually filled with step-by-step instructions about posting LCA (Labor Condition Application) notices and creating  PAFs (Public Access Files). But in truth, these emails are not really ensuring H-1B compliance. What they do ensure, however, is that the immigration law firm has "CYA'd", or "Covered their a**".

With the Department of Labor’s new Project Firewall enforcement initiative gaining traction, this compliance-by-email model no longer cuts it.

Let’s break down how the process works today, where it falls apart, and why immigration law firms and employers need a better, tech-driven solution for 2026 and beyond.

The Typical LCA posting and PAF Compliance Workflow (And Where It Relies on CYA)

When a new H-1B case gets initiated, here’s what usually happens:

The immigration law firm prepares the LCA notice and emails it to the client with instructions on where and how to post it, how long it must be posted, and a request to confirm once it's done.
→ This is the first “CYA” email.

The client replies saying it’s been posted. The firm then proceeds to submit the LCA through the DOL’s FLAG system.

Within one working day, the law firm sends another email outlining how to create a compliant PAF—what to include, how to organize it, and how long to retain it.
→ This is the second “CYA” email.

The H-1B petition is filed with USCIS, the case is approved, and the process appears complete.

Or is it?

What Law Firms Don’t Know about

Here’s the hard truth: in most cases, immigration firms don’t actually know if the client:

Posted the LCA notice correctly

Made the LCA visible to remote or hybrid coworkers

Created the Public Access File within the required 1-day timeframe

Included all the required documents in the PAF

Stored it in an audit-ready location

There’s no real-time visibility. No digital audit trail. No centralized compliance dashboard.

Instead, the law firm relies on the client’s confirmation via email (if that)—and if something goes wrong, they point to those emails as proof that the firm did its job.

From a legal liability perspective, that might be sufficient.

But from a client service and risk management perspective? It's probably not.

Why This Matters More Than Ever: Enter Project Firewall

The Department of Labor’s Project Firewall has made one thing clear: H-1B employer compliance is now a federal enforcement priority.

Project Firewall gives the DOL expanded authority to initiate investigations—without needing a whistleblower complaint. It also increases coordination between the DOL, DOJ, USCIS, and EEOC, meaning that compliance gaps are more likely to be flagged, audited, and penalized.

For law firms, this puts new pressure on the traditional CYA model.

Because when a client is audited and the DOL finds a missing LCA posting or an incomplete PAF, the response “we sent you the instructions” won’t cut it.

And if the client’s company faces fines or reputational damage, they won’t blame themselves—they’ll blame their lawyer.

The Risks of Manual, Email-Driven LCA posting and PAF Compliance

Most law firms still treat LCA posting and PAF management as afterthoughts.

LCA notices are sent as PDFs, with a request to print and post them at physical worksites

Remote employees are often asked to print notices and post them at home—something the DOL has clarified as problematic

PAFs are left to clients to compile and store, without any centralized system or visibility

There’s no automatic PAF expiration or audit history

This creates risk—not only for employers, but for the law firms that serve them.

And with compliance enforcement on the rise, that risk is growing fast.

The Role of Technology in Fixing This

The solution isn’t more emails. It’s smarter infrastructure.

Just as law firms have adopted platforms for document collection, form filling, calendaring, and status tracking, H-1B compliance should be automated and centralized.

That means:

Electronic LCA posting that ensures notices are visible to affected employees, across all locations

Automated PAF generation within one business day of LCA filing, with templates, version control, and audit trails

Real-time visibility for the law firm and client, so there’s no guessing whether compliance steps were completed

Secure digital storage of PAFs, with automatic expiration and purge options after the retention period

Law firms can no longer afford to treat compliance as an email checklist. It’s time to treat it as a core part of legal service delivery—and a key risk area to control. Whether you're a large immigration law firm with massive corporate clients or a small or solo immigration law firm with SMB's filing just a few H-1Bs each per year.

The LaborLess Advantage

LaborLess was built specifically for this purpose. Our platform allows immigration law firms to:

Post LCAs electronically on behalf of their clients

Automatically generate and manage PAFs

Maintain transparency and control over every step of the compliance lifecycle

Audit-ready their practice while delivering real value to clients

And coming soon, LaborLess will expand to support PERM Notice of Filing compliance—bringing even more critical processes into a single, secure platform.

If you're ready to leave the "CYA" model behind and modernize your H-1B compliance, contact us at LaborLess, or explore more insights and how-tos on our blog. Because in 2026, compliance isn’t optional—and email instructions aren’t enough.