According to the 2012/13 Global Fraud Report, from HireRight’s sister company Kroll, two-thirds of fraud affecting companies in 2012/13 was carried out by someone who worked for the company one way or another. This risk has continued to rise year-on-year. These latest figures in the Global Fraud Report are up from 60% in 2011, and 55% in 2010, whilst CIFAS, the UK’s fraud prevention service, reported a 14.5% increase in staff fraud cases in 2011 compared with 2010.
Whilst pre-employment screening is a valuable tool to manage recruitment risk, it only gives a snapshot of information at a given time. How do you manage the risk posed by existing employees when criminal acts are often carried out by individuals who had no malicious intent or previous form when joining the company but whose loyalty changed at a later date?
For more robust risk management, pre-employment screening should be combined with a policy of ongoing workforce screening, as failure to monitor employees on a repeat basis could leave an organisation vulnerable to a number of internal threats including theft of physical assets, financial fraud and information theft.
By rechecking the dynamic information in an employee’s profile on a regular basis e.g. credit history, criminal record, directorships etc. an employer can learn about misconduct that may have occurred during tenure and identify any changes in circumstances that could pose a heightened risk.
It is recommended that you rescreen all employees, or, as a minimum, a random selection of employees, annually as well as on promotion or change of responsibilities. This is particularly applicable if the employee is moving from a low-risk role to a high-risk one, as the screening requirements of the new position may be different to those of the position the employee was originally hired for. Screening of existing employees is also good practice for organisations acquiring other companies to mitigate risks in the acquired employer’s workforce.
In the Financial Services Authority (FSA) consultation paper ‘Financial Crime: a guide for firms’, organisations are advised that “Vetting should be proportionate and risk-based and repeated or ongoing where appropriate, for example for staff in high-risk roles.” The guidance also states that staff vetting as a one-off exercise is considered poor practice by the FSA.
How to manage an ongoing screening program:
- Open communication is key. Have a clear written policy for background screening that includes ongoing screening.
- Screening must be consensual. Make sure you collect a signed release form authorising the right to conduct background screening throughout employment.
- Be fair. The level of rescreening and the specific checks undertaken must be proportionate to the potential threat and the requirements of the job.
- Deal with information appropriately. Adopt a risk-sensitive approach to managing adverse information about an employee. The findings need to be looked at in the context of the role and should prompt a conversation with the employee. How important is the revealed negative information? What explanation can the employee give?
- Ensure Data Protection Act compliance and only store the report for the permissible timeframe.