Compliance Unfiltered is TCT’s tell-it-like-it is podcast, dedicated to making compliance suck less. It’s a fresh, raw, uncut alternative for anyone who needs honest, reliable, compliance expertise with a sprinkling of personality.
Show Notes: Background Checks
Quick Take
On this episode Compliance Unfiltered, the CU guys tackle the topic of background checks as it relates to your compliance, and to your business overall.
Wondering what types of background checks to do? How often to run these checks? How to select a background checking service?
All these answers and more, on this week’s Compliance Unfiltered
Read Transcript
So let’s face it, managing compliance sucks. It’s complicated, it’s so hard to keep organized, and it requires a ton of expertise in order to survive the entire process. Welcome to Compliance Unfiltered, a podcast dedicated to making compliance suck less.
Now, here’s your host, Todd Coshow, with Adam Goslin.
Well, welcome in to another edition of Compliance Unfiltered. I’m Todd Coshow alongside the compliance joystick to your Atari. Mr. Adam Goslin, how the heck are you, sir? Oh, I’m good. You gave me flashbacks of way too many hours with Pong. I love it, I love it. Well, speaking of the Way back Machine, we’re going to talk today about some background checks. Most of our listeners have had to check a box for background checks in their daily lives.
Why don’t you queue this one up for us, Adam? Well, you know, some of this is going to feel a little redundant for some of the listeners, some people may glean some stuff out of it, so that’s why we decided to hit the topic. But, you know, if you’re an organization that doesn’t happen to be running background checks on your new hires a matter of course, you know, it’s definitely time to rethink hiring policies. You know, employee background checks used to be, you know, unheard of unless you were filling some highly sensitive position or had a government contract or whatever. But, you know, times have changed. And, you know, really, anybody at your organization could be gaining access to various forms of sensitive information. And when it comes to background checks, it’s not a, it’s not a situation. and where one size fits all. You’re gonna need different types of background checks for different roles at the organization. Different organizations have different needs. So, you know, we’ll spend some time today kind of chatting that through, if you will.
Outstanding. Now, what are some of the different types of background checks? Well, there’s more to a background check than simply criminal history. Depending on the business, the role that you’re hiring for, you know, that you may need to perform one or more, you know, types of background checks. So, you know, you might need to go down the criminal. you know, route, most organizations will. Where you’re checking for wants and warrants, you’re checking criminal records, arrest records, convictions, these checks can be done, you know, both at the federal level as well as at state level. So something for organizations to kind of think through, if you will. Financially, you know, has the new hire had financial issues or liens, bankruptcy, loan defaults. If you’re, you know, if they’re dealing with money or dealing in the, you know, kind of financial sector, you know, then those are probably realms and areas that organizations would be interested in. Education may come into play depending on the type of organization we’re talking about. So validating the candidate’s educational background, their certifications, licenses, other credentials. You know, you’ve got things like name lookups, including any current and former names and aliases, residential history, phone numbers and other contact information, as well as possibly the driving record. So, you know, if the business is requiring personnel that need to drive, you know, then validating their, you know, driving records, current licenses that they hold in alignment with the requirements of the organization, etc. You know, certainly during onboarding, organizations should also be validating that personnel possess a valid driver’s license and US citizenship, you know, as appropriate, depending on where their employees are gonna be, you know, but, you know, for those that are in the US, making sure they’re actually citizens, you know, and just thinking through what types of work do these employees need to do across the organization?
And for each of the roles, identifying what kinds of information do we want to verify before the new employee comes on board and developing, you know, a matrix and keeping it updated as your organization, you know, as your organization evolves is a, you know, is a good approach to getting things kind of queued up properly.
Well, I guess a big question is what are organizations obligated to do here? Well, background checks, you know, you know, When you’re wondering which background checks there we need to do for new hires, you know, certainly looking at the type of work the company does, roles that you also hire for considering any standards or certifications that your organization goes up against will all come into play.
Certainly, if you’re an organization that has an assessor for your, you know, kind of existing certification or standard that you go up against as an organization, then go to the assessor and seek their guidance on the minimum requirements. You know, certainly, if you’re going through the assessment, your assessor is going to go through and validate execution and coverage of the background checks as part of their review. So, as an example, in the PCI world, you know, you have exposure to credit card data and the potential for financial fraud.
So, that’s where it’s good to look for things like lawsuits, criminal history, you know, records that are really, records of any, you know, charges related to embezzlement or financial fraud, identity theft, credit card theft, you know, would all come into play. You know, similarly, a law firm, you know, might be more concerned with overall reputation and different kinds of criminal background. You know, certainly today, one of the, you know, one of the arenas that a lot of organizations will bring into play is when they’re doing just general analysis or investigation into personnel is looking at their social media, looking at their kind of public profile on the web,
you know, and things along those lines, you know, for those that are, for those that are a little, we’ll call it a little longer in the tooth, shall we say, you know, they, hopefully, they’ve been, they’ve gone through a period of being wary of social media and, you know, basically aligning with the notion that whatever you put out there is potentially going to come back to haunt you. And yet, I see a lot of a lot, especially a lot of younger folks, less concerned about, you know, about the long term impacts of, you know, what they’re what they’re doing, you know, kind of in the public forum. And for some of those individuals, I’m absolutely positive that those transgressions will come, come full circle to haunt them at some point.
I have no doubt about that. What is how, I guess, often should… Background checks be run. I mean, I I know that I’m a completely different person than I was five years ago But you know and the younger the younger you are Hold on a minute. Are you are you really are you really giving the listeners an indirect? Indirect look into your into your sorted background, just kidding So now the how often to run the background check so, you know Definitely you need to run background checks at higher before people start working you are correct that you know things do change for people over time You know, there are some um, there are you know, some organizations will you know We’ll also execute that hiring paperwork with the written independency on you know, an acceptable background check being performed Depending on the business line the industry, you know, it may also be appropriate to run annual background checks for certain of your of your staff members You know most standards aren’t requiring today some form of an ongoing background check Unless you’re you know, unless you’re over in you know, the DoD space, etc But for most in the private sector, it’s not as common You know across the entirety of the workforce to require Periodic background checks whether annual or less or less periodic So it really comes down to the organization’s policies, you know as to whether or not they want to go through You know periodic background checks, so, you know If you’re in the transportation industry and you know and you need to go through and do that, you know And if you have some kind of recheck that people are still carrying, you know Valid driver’s license and maintaining a clean driving record and then in and then You know, then it may be a situation where you want to you know, do those more often in some cases Depending on what you’re looking for So like is it a an example in that driving arena.
There are services where you can basically sign up for alerts on changes to your existing personnel as well. If they all of a sudden gained a ticket or some type of a charge related to operating a vehicle, then they could go ahead and get alerts as well. Organizations really need to think through what roles within the organization need to have these recurring checks where delivery drivers are going to have a greater need than dock workers as an example. Organizations need to go in and figure out how do they want to go about doing it. That tracks. Now, how does one go about reviewing the background check report findings. Well, what you want to do, we talked earlier about kind of lining up the background check, lining up the background check types with the roles that you have and then the timing of how often you need to run those. Those are all things that we’ve talked about so far. But certainly, having some form of an evaluation matrix for those background checks in advance is a really good idea. You want to have clear documentation on how you’re handling and processing the background checks so that you ensure, as an organization, that you’re doing these in a fair, equitable, and unbiased manner. You definitely don’t want to be applying different rules to different people. And certainly, if you’ve got a team of people that are receiving and reviewing these background checks, you want to make sure there’s a consistent barometer that you’re leveraging for the various results you may see.
So if you’ve got a customer service person at a credit card processor, does it really matter they had a speeding ticket last year or 10 years ago? Well, what if they defaulted on a loan five years ago? You’ve almost got to play scenario games. The one thing that I’ve found working with organizations that have seasoned their approach to background checks is it never fails. You’re going to come up with somebody that has something brand new that you didn’t have as part of your evaluation process. So these things aren’t go in, write them once and walk away. But certainly, taking a fresh look at them periodically is one side of it. Certainly, as you have special circumstances popping up, figuring out how do we. you want to handle this as an organization, including that as part of your evaluation process. You know, there’s a lot of folks that will, you know, kind of take their shot and then change it over time, which is a good approach because, you know, you’re going to see these things popping up. You know, that annual review, you know, kind of your various requirements for background checks, you know, you’ve already gone through major, you know, major adjustments and whatnot to it from things that pop up. But it’s a good idea, number one, just so you put your eyeballs fresh on. How are we doing these evaluations? But number two, use that as an opportunity for an annual review with your team that is doing the reviews of those background checks. That’s a good process to get into.
And finally, you don’t have to do this every time you make a change or every year when you’re going through your review. But I would recommend bounce your decision tree by your legal counsel. Make sure that the things that you have decided you’re going to deny people for or that you’re going to allow through, that those are passing muster of your legal counsel. I’m definitely not a lawyer. No, no, no, no, no, no, no. But you wanna pass it through your legal counsel. Make sure that you’re doing things appropriately. You don’t wanna be in a situation where somebody can come back and sue you over an evaluation that was performed inappropriately. That would definitely be something that would suck.
So how does drug testing play into things, Adam? Well, depending on the nature of the business, roles within the company, drug testing might be a requirement for certain employees. So if the organization has not already definitely recommend find a facility that can administer the drug test for your organization. The third party testing service that can help with detecting cheating, etc. I’ve seen that done in a couple of different ways, sending employees to a particular facility to go in and have their drug test performed. And in other cases, depending on the how often you need to do the drug testing, they may ship personnel over to your facility the sample collection, and whatnot there.
So a couple other things that companies need to kind of think through is, do you need to require periodic drug testing? Are you going to incorporate random drug testing? And if so, what’s the process for administering those various drug tests? Now, how should companies go about selecting a background checking service? What are the key elements they should be thinking about? The fun part is that all of these background checking services are different. You need to figure out the right fit for your organization, the types of checks that you’ll need to run, how often you’re going to run them, how many checks, different background checks you’re going to be requesting, taking an eye toward your budget as well. So there’s a lot of different factors there. So as you begin going through the vetting process for vendors, there’s going to be wide variability in costs, quality of reporting. Some of these reports are easier to read and understand.
Some of the other ones can be extremely frustrating. So a valid report could be anything from a couple of pages to hundreds of pages long. It just depends on the types of tests that are being run and the results, if you will. I’ve also seen some reports that are literally hundreds of pages of absolute garbage where the test was run on Steve Smith. And what they did is when they ran it, they ran it literally nationally on the name Steve Smith. And so every single Steve Smith across the entire contiguous United States and all of the bad stuff that those Steve Smiths got up to was smattered all over this report. So before you’re going in to make your decision, I’d certainly recommend to folks ask to see sample reports so you can see the kind of detail and quality you can expect from them. If you have an assessor, a security compliance consultant, vendors and business partners, ask for their experience with the background. services that they’ve, that they’ve leveraged. Certainly, you know, on, you know, on my, you know, on my side, when an organization basically gets it down to, yeah, I think we’re gonna go with like, kind of one of these two, you know, type of thing, or one of these three. Honestly, you want to know what can be a pretty cool way to go about doing it is go take the same that whatever your next one is, run the same, yeah, run the same person through multiple of these services, you know, just so you can kind of directly compare, you know, directly compare, or as an alternative, basically, you know, pick one. And when you get somebody that seems to have some very, you know, some variability in their background check, you know, where AKA, you know, you’re going to have some results type of thing then go do your you know, you’re your head -to -head comparison You know of the different companies run that same person through the other background checking services Just so you can kind of see who’s coming up with what who’s reporting on what how are they displaying it to you? You know, etc. and, and, and again keeping your eyeball open for that garbage.
Absolutely parting shots and thoughts for the folks this week? Well, it doesn’t matter what type of an organization you are how small your company may be You know, you really should be running background checks when you’re hiring new folks and, and potentially doing that on a recurring basis You know if you’re if you take your company security seriously Then running background checks is going to go hand -in -hand with maintaining that robust security stance The, the more relevant question is you know How you’re going to run them and what type of an evaluation matrix that you use? And you know depending on what you know What organization you are and what standards you need to adhere to, you know, there may not be a set standard for you to follow But you’ll certainly be on solid ground if you’re in dialogue, you know with your assessor your compliance consultant your legal counsel You know continue refining those policies Regarding your background checks as you gain more experience, you know, and certainly adjust them as You know as events will dictate and as the needs of the organization evolve.
And that right there That’s the good stuff Well, that’s all the time we have for this episode of compliance unfiltered I’m Todd Coshow and I’m Adam Goslin. Hope we help to get you fired up to make your compliance suck less.
