In an industry rife with disruptive innovations, organisations face the constant challenge of having to keep up and familiarise themselves with a stampede of regulatory changes that emerge equally quickly. Advances such as cryptocurrencies, digital payments, robotics and artificial intelligence are no longer foreign concepts to the financial services sector, and yet there are still layers of regulations that need to be understood and tackled carefully.
In a similar vein, one could say that background screening is often approached warily, with many unsure of how to navigate the giant web of employment and data privacy regulations that surrounds it. Yet, background screening is generally accepted and implemented to help safeguard organisations from losing potentially devastating amounts of money, intellectual property and sensitive data at the hands of a bad hire.
Take for example the highly-publicised case of former branch deputy manager Gokulnath Shetty, from the Punjab National Bank branch in south Mumbai, who engineered fraudulent transactions totalling about $1.8 billion over seven years (source). Imagine if these, and other similar transgressions, were to slip through the net in a company’s hiring process.
With the rush to fill in significant talent gaps in the industry, organisations might be tempted to skip background screening altogether. However, it’s important that HR teams don’t put their company at risk in the process of beefing up the talent pipeline. But how should companies navigate the seemingly complex regulatory landscape that is background screening?
A key concern of background screening is the infringement of data privacy laws, what with the sheer amount of hugely personal data collected from job candidates.
Perhaps the most prominent data privacy regime in place is the General Data Protection Regulation (GDPR) by the European Union (EU), which went into effect on 25 May last year. Within APAC, similar regulations give individuals the reins over their personal data, such as the Personal Data Protection Act in Singapore and Hong Kong’s Personal Data (Privacy) Ordinance. India is also steps closer to having its own data privacy framework, since the formation of the Committee of Experts.
Candidate consent, data mapping, subject access rights – in theory, these form the very backbone of background check processes that predates the GDPR. Screening providers have traditionally offered options to support employers in their efforts to ensure the delivery and collection of information notices and consents. In the case of new regulations, such as rules governing data transfers under the GDPR, a respected background screening provider would work with their clients to ensure compliance as a data processor, and that organisations are well-informed and educated on considerations to carry out their obligations as data controllers.
Building an effective screening programme
The benefits of background screening are clear, especially to the financial services sector – HireRight’s APAC Employment Screening Benchmark Report found that respondents in the sector indicated improved regulatory compliance as one of the top three benefits of employee screening.
Apart from legal and compliance requirements, companies need to have a keen understanding of the specific needs and scope of operations and implementing the relevant background checks necessary to address the inherent internal and external risks posed to their business.
For example, the Reserve Bank of India requires that non-banking financial companies ensure that adequate personnel verifications processes are established in order to ensure that criminals are prohibited from misusing banking or financial channels. For businesses in the financial industry in India, HireRight provides criminal searches and conducts several credit and financial integrity checks. They include searches of local Session Courts, and Magistrate Courts, in conjunction with a national search of the Supreme Court and High Court as well as index court records of official liquidators; insolvency registers of civil litigation (for defaults over 25 lakhs); scanning registries of the Reserve Bank of India (e.g. defaulters, insolvency); and bankruptcy checks, including the National Company Law Tribunal and the Debt Recovery Tribunal.
Apart from the financial services industry-specific screening, general background checks also provide recruiters with important information about candidates that would help them assess if potential hires will be a good fit for the job, and whether they meet the regulatory requirements of the industry. These checks include credit history, criminal records, CV checks, educational history and employment verification – all important indicators that signal a candidate’s potential risk profile, and confirms their qualification for the role at hand.
Keeping in mind the importance of ensuring data privacy is maintained, processes are compliant, and inherent needs of the company are considered, what should businesses look out for when choosing a background screening provider for their organisation?
- Ensure they have the right credentials.
Look out for globally-recognised standards when picking a background screening provider. For example, HireRight in APAC and EMEA is ISO 27001:2013 certified, which provides independent assurance that the data security has been tested and audited in accordance with internationally accepted standards for good information security practice.
- Ensure that they are equipped to handle cross-border checks.
Where global consistency and visibility in background screening are a must, especially for large multi-national corporations, pick a provider that’s able to execute a truly-global programme that is still tailored to fit the local culture and language of each market.
- Ensure that they offer a smooth and transparent application experience.
Your chosen vendor and their staff should be equipped to answer applicant questions promptly and offer user-friendly dispute processes should issues or discrepancies arise around report results.
Ultimately, your background screening programme should not deter candidates from applying for a position because of a complex procedure that involves layers of regulatory compliance. Communicating the right information at the right time, and inappropriate depth will help candidates to have a better understanding of how the process works and allay any fears they might have. The concept of “high risk, high return” is often construed as a valid strategy within the financial services industry. But the same cannot hold true when it comes to hiring.
(Views expressed in this article are a personal opinion of Alonzo Martinez, Associate Counsel, Compliance, at HireRight. HireRight delivers global background checks, employment, and education verification services to organisations worldwide. )
Alonzo is responsible for monitoring and advising on key legislative and regulatory developments globally affecting HireRight’s service delivery. Previously, he worked in the financial services industry where he helped to deploy a global background screening programme across 30 countries and 40,000 employees.