Background screening is often approached warily given the giant web of employment and data privacy regulations that surrounds it. Yet, when done right, it can safeguard organisations.

By Alonzo Martinez, Associate Counsel, Compliance, at HireRight

In an industry rife with disruptive innovations, organisations face the constant challenge of having to keep up and familiarise themselves with a stampede of regulatory changes that emerge equally quickly.

Advances such as cryptocurrencies, digital payments, robotics and artificial intelligence are no longer foreign concepts to the financial services sector, and yet there are still layers of regulations that need to be understood and tackled carefully.

In a similar vein, one could say that background screening is often approached warily, with many unsure of how to navigate the giant web of employment and data privacy regulations that surrounds it. Yet, the practice of background screening is generally accepted and implemented to help safeguard organisations from losing potentially devastating amounts of money, intellectual property and sensitive data at the hands of a bad hire.

Take for example the highly-publicised case of former branch deputy manager Gokulnath Shetty, from the Punjab National Bank branch in south Mumbai, who engineered fraudulent transactions totalling about $1.8 billion over 7 years, according to a report in «Channel News Asia».

In June last year, Anglo Irish Bank Corp.’s former CEO was penalised for conspiracy to defraud, and false accounting during the financial crisis in 2008 (source). Imagine if these, and other similar transgressions, were to slip through the net in a company’s hiring process.

With the rush to fill in significant talent gaps in the industry, organisations might be tempted to skip background screening altogether. However, it’s important that HR teams don’t put their company at risk in the process of beefing up the talent pipeline. But how should companies navigate the seemingly complex regulatory landscape that is background screening?

Data privacy

A key concern of background screening is the infringement of data privacy laws, especially with the sheer amount of hugely personal data collected from job candidates. This issue has been thrown into the limelight by the Cambridge Analytica scandal, which brought under scrutiny the ways in which companies made use of customer data.

Perhaps the most prominent data privacy regime in place is the General Data Protection Regulation (GDPR) by the European Union (EU), which went into effect on 25 May last year. The GDPR applies to any organisation that processes personal data of individuals in the EU, including organisations that have permanent establishments outside of the EU. Within APAC, similar regulations give individuals the reins over their personal data, such as the Personal Data Protection Act in Singapore, Hong Kong’s Personal Data (Privacy) Ordinance, and Australian data privacy regulations.

Candidate consent, data mapping, subject access rights – in theory, these form the very backbone of background check processes that predates the GDPR. Screening providers have traditionally offered options to support employers in their efforts to ensure the delivery and collection of information notices and consents.

In the case of new regulations, such as rules governing data transfers under the GDPR, a respected background screening provider would work with their clients to ensure compliance as a data processor, and that organisations are well-informed and educated on considerations to carry out their obligations as data controllers.

Building an effective screening programme

The benefits of background screening are clear, especially to the financial services sector – HireRight’s 2018 APAC Employment Screening Benchmark Report found that respondents in the sector indicated improved regulatory compliance as one of the top three benefits of employee screening.