VOL. II ARTICLE NO. 126

Trust but Verify

Corporate Background Screening is Crucial to Enterprise Goals Ranging from Risk Management to Regulatory Compliance. But It’s Also a Far More Complex Security Imperative Than Most Companies Realize.

It all starts at the global headquarters of a Fortune 250 technology company. Three individuals, including the head of Accounts Payable, are indicted for fraudulent acts leading to $11.5 million in losses – and immeasurable impacts on the company’s brand and reputation.

Overnight, the company’s HR division shifts from a relatively limited approach to conducting background searches on new employees to mandating them across job classifications. Call it a “blanket policy,” if you will. With “teeth.”

“Our vendor at the time gave us arrest-related information,” says the HR director. “And we used this to discern ‘patterns of behavior’ among prospects.”

The room is silent. Most of the attorneys are taking notes. One of them reaches over and turns off the tape recorder.

Hindsight can be painful. That this corporate policy completely overlooks the absence of a trial – and
most importantly a conviction – is just as troublesome as the fact that this admission tumbles out “on the legal table” in the early stages of a multi-million dollar lawsuit.

Too often, the best paths forward aren’t followed. While executives across industries now widely acknowledge the need to keep the workplace safe, many companies and their background screening providers do not fully understand the complex, shifting relationship among security practices, screening requirements and workplace safety – on the one hand – and enterprise risk management and compliance on the other.

Common Errors That Undermine the Effectiveness of Screening

Here’s what happens when a strong independent oversight mechanism is not in place:

Screening is conducted merely as an administrative check-the-box exercise. The lion’s share of the value – using screening as a key component of a broader risk management strategy – goes untapped.
Background check requirements apply to in-house personnel – but not vendors or contractors. This scenario also plays out in reverse. Sometimes the provider has a more rigorous screening process – and it’s the internal processes that are lax.
Functional inefficiencies proliferate. Overlapping or mutually-influencing elements of an effective screening program are “owned” by various decision centers across the enterprise – such as HR, legal, compliance and risk management.
Value uncovered by screening results isn’t “handed forward.” Screening information is either poorly integrated with other risk management or security-related strategies – such as user risk classification systems – or done so with little regard for compliance.
Unfamiliarity with how to vet and validate a background screening vendor opens the company to new areas of risk. Commonly flawed rationales for what can be a critical relationship include “because we’ve been with them for years”, “because we haven’t had a problem yet” and – most dangerously – “because they just give us what we ask for.”

What’s Your Overhang Strategy? Compliance Is Posing New Risks for Screening – and By Extension, For Security

In the past, one of the toughest screening challenges for HR directors was managing the risks and opportunities associated with the conversion from manually-based background investigations using multiple jurisdictions, databases and sources to automated ones. Automation is no longer a new technique. And HR directors used to making judgment calls alone now often need the counsel of attorneys, compliance experts and experienced screening providers.

Today, among the most difficult challenges is compliance – especially given rapidly changing best practices required to address the implications of the Fair Credit Reporting Act (FCRA) and the Equal Employment Opportunity Commission (EEOC).

Acknowledge the Complexities in “Getting Screening Right” – and Take the Time to Do So

The CEO of one of the most innovative screening providers in the industry puts it simply. “Every day,” he says, “the compliance issue is a battle for our clients.” Many companies just don’t understand what’s in their best interest. “Let me explain to you,” he tells their executives patiently, “why you don’t want to know the information you’ve asked us to provide.” Here’s a sampling of the issues companies struggle with most often:

Arrest is not the same as conviction. Failure to develop screening policies that acknowledge this difference can be enormously costly. Be careful what you ask your screening company to provide.
Knowledge can undermine insurance protections. If you uncover evidence that an employee has conducted criminal or illegal acts, look into whether that knowledge impacts your insurance coverage.¹
A crime in one state can be a minor misdemeanor in another and a civil citation in a third. Wide variations in state criminal laws can raise multiple issues. And several states – including California, New York and Massachusetts – are tightening restrictions on screening practices and hiring bars.²
Blanket policies for job candidate screening can raise the risk of discrimination claims. Instead, “tailor the use of background checks to fit specific criteria relevant to the job position” you’re seeking to fill.³
Special attention should be paid to the use of credit scores – and criminal records. Due to “racially correlated disparities in credit ratings,” credit-based background checks, like criminal records, “could have a disparate discriminatory impact on minority job applicants.”⁴
Inaccuracies abound in screening reports. Be sure to validate data obtained with the actual courthouse public records. This is usually accomplished by the most reputable screening vendors who have the resources to physically visit the 3,500 county courts and 10,000 local courts in
the United States.

For More Information

To find out more about our background investigation and screening services as well as our broader security and investigative services, contact:

Arnette Heintze, Chief Executive Officer, at (312) 869-8500 or via email
Harvey L. Radney, SVP and Managing Director, at (312) 869-8500 or via email

FOOTNOTES: ¹ “Watch Your Back: Smart Hiring and Proper Background Checks,” Employee Relations Law Journal, Winter 2008. ² Special Report: Background Checking, “Burden of Proof,” Workforce Management, Feb 2010. ³, ⁴ “You Wanna Background Check Me? Well, Be Careful Where You Look…,” Corporate Counsel, Jan 2010.

About 360° INSIGHT

The Hillard Heintze 360° INSIGHT publication is an ongoing and regular series of executive briefings on a wide range of critical and emerging issues at the forefront of best-in-class security and investigative practices today.

<< Back to all publications

Practical Tips for Execution: Our Recommendations

Tip #1 – Review and update your background screening policy.

Many companies haven’t done so since they first wrote it. Continually realign it carefully with your broader risk management, compliance and operational objectives. Pay special attention to privacy laws related to issues such as consent, information storage and confidentiality. And insist that your policy authors determine if, where, when and how external vendors and partners should be asked to meet or beat these guidelines.

Tip #2 – Determine the skills and experience that should be resident on your in-house team.

Then supplement these with external advisors in the most strategic and cost-effective manner.

Tip #3 – If you engage the services of a screening vendor, know precisely which characteristics differentiate the most reliable ones from the rest of the industry.

Start by insisting on demonstrated expertise in HR, security, compliance, data analytics, case management processing and automation in search, retrieval and reporting. Then put these qualifications aside and take an even closer look at how the vendor addresses areas such as: 1) data validation through on-site court checks of actual files; 2) adjudication when information of concern surfaces; 3) strategies for risk mitigation, transfer, acceptance or avoidance when compliance-sensitive decisions and risk-related judgment calls are required; and 4) vetting approach to international third-party data screeners. And don’t be fooled by size. Scale is never a proxy for excellence.