Background Screening Policy Enhancements for Safer Hiring

Join David Cole and Anton Watson in episode 6 of EBC Global’s Webinar Series, as they delve into enhancing your background screening policy for safer hiring practices.

Whether you’re new or aiming to optimise your current processes, this episode is packed with actionable insights and practical tips to help you stay compliant and optimise your existing processes for safer hiring.

Missed the webinar? No worries! You can watch it here to get the full picture.

Industry insights – news and trends

We’ve prepared a selection of industry news and trends to keep you informed including:

• Regulation you need to be aware of
• Industry Trends
• BPSS Changes

Regulation you need to be aware of:

• Worker Protection Act – requirement for all organisations to take active steps to prevent sexual harassment in the workplace since October 2024.
• The Economic Crime and Corporate Transparency Act (ECCTA) – Transformations rolling out between 2023-2027, with failure to prevent fraud regulations coming into place on Sept 1^st
• Changes to UK Right to Work and DBS ID checks – further harmonisation of requirements in 2025 and beyond.

Industry Trends

• HMRC records, Open Banking, and Payroll data in employment verification. Fast, effective, and cost-efficient – will they compliment or replace traditional references?
• Growth in demand for Social Media / Online Reputation Checks. Expansive adoption of this most valuable of background checks currently available in terms of risk identity and mitigation.
• Explosion of AI usage in the recruitment, onboarding and screening industry. Every single stage of the recruitment process is now open to abuse by candidates looking to gain the upper hand.
• The continued rise of Reference Houses and Alibi Mills. Fraudulent businesses will go to incredible lengths to provide individuals with fake and verifiable employment and academic backgrounds that will beat all but the very best screening programmes.
• Ongoing Vetting and Re-screening Policies gaining traction. Pre-employment checks alone are insufficient risk mitigation to combat modern internal threats and insider fraud activity.
• Share Code Fraud. Fraudsters pose as legitimate employers or representatives of companies to obtain share codes from unsuspecting individuals. Stolen share codes are sold on the black market, or used by criminals (people traffickers and modern slavery gangs) to falsely verify right to work in the UK for unauthorised individuals.

BPSS Changes

• Enabling digital ID for DBS and RTW checks from certified IDSP solutions. Strengthening and speeding up the onboarding process.
• Digital HMRC PAYE records can be used to verify employment. Becoming widely accepted by organisations and regulators for verification of employment history to speed up time-to-hire. Sometimes used in lieu of traditional reference checks, and other times to increase awareness of what reference checks will actually be required.
• Cumulative GAP periods over 6 months to be evidenced. Any continuous or cumulative gaps totalling 6 or more out of the last 36 months require investigation and evidence.
• Criminal Checks run unless previous CRC less than 90 days old. Closing a loophole where criminal record checks would not be repeated, particularly when transferring to other roles.
• International criminal checks required for 6 months overseas within last 3 years. Proper criminal records checks to be obtained to replace the previous requirement for evidence or character references to be sought to cover periods of time spent overseas.
• Character references no longer acceptable. Acknowledging the futility of character references as a risk mitigation tool for BPSS vetting.

Insider Fraud – Know the Threat Actors

It’s important to know what types of threats can harm your business. Does your organisation have a formal background check policy to deal with insider fraud?

Malicious Insiders

Workers intentionally misusing company access for personal gain or to harm organisations.  Disgruntled employees, compromised contractors, activists – anyone looking to harm the organisation, or seek personal gain, especially in these highly difficult times of economic pressures and uncertainty.

Fraudsters

People, or groups, seeking to gain access to a particular organisation to carry our fraudulent activities once inside. The easiest way to achieve this is undoubtedly by securing employment inside a target organisation, hence the need for effective vetting and screening programmes.

Negligent Insiders

Staff who unintentionally create vulnerabilities through careless behaviour, such as failing to follow safeguards and security protocols can open the door to all sorts of fraud and data mishandling.

Unwitting Insiders

Those who are manipulated by external actors into providing access or information. Social engineering targets exploited by phishing and spear-phishing attacks. Malicious links, personalised messages, urgent requests from seemingly trusted sources.  Such frauds have cost organisations including Facebook and Google as much as $100million in a single targeted attack, but it can happen in any organisation.

Hacktivists

Individuals or groups motivated by political, social, or ideological causes, seeking to disrupt or publicise their agenda. Threats could literally stem from any country and for any motivation, and high profile breaches typically result in radical reforms to vetting programmes and insider threat procedures to prevent repeat occurence.

Nation-State Actors

Government-affiliated groups or intelligence agencies engaged in espionage or sabotage, often attacking critical infrastructure or strategic sectors. Notable example was the “SolarWinds” attack in 2020 where Russian state-sponsored actors targeted a US software company to successfully infiltrate networks used by US government agencies.

Organised Crime Syndicates

Large, coordinated crime groups that carry out various illegal activities, including extortion, data theft, and phishing. Wherever there are large reward opportunities, there will be great risks for organisations to mitigate.

Understanding the Evolving Threat Landscape

Today’s extensive use of AI has led to a significant increase in fraud across the recruitment, onboarding, and background screening processes, posing new threats and challenges for employers across the world.

AI tools have been exploited to perpetrate sophisticated fraud across each of the stages in the recruitment process, from the simple CV to background screening, and everything in between. Being the final step in the recruitment process, only an effective background screening policy can help employers uncover any unresolved issues with robust and reliable employment check programmes as the last line of defence for your organisation.

AI-Generated CVs and Resume Assessments

AI tools are now being used to generate or enhance many of the CVs currently in circulation, and AI is often being used to assess those CVs too. What could possibly go wrong?!

AI Application Overload

Automated applications are being effortlessly spammed for multiple roles across huge numbers of organisations.  AI application tools are designed to penetrate the first line of defence in a firm’s recruitment process.

AI Assessment Assistants

AI-powered online assessment tools help unqualified candidates, or threat actors, pass assessments that are designed to filter them out of the process. Alibi mills and other harmful businesses actively help job candidates pass numerical, verbal and logical online assessments too.

AI Interview Copilots

There are already multiple real-time AI-powered Interview copilot tools ready available for downloading online. Copilots are designed to provide real-time answers to video link interview questions to hoodwink recruiters and hiring managers.

It doesn’t stop there either – even the FBI has warned employers to take steps to mitigate deep fakes in job interviews, as scammers are also using AI to impersonate candidates during online interviews!

AI in Background Screening

Outdated background screening programmes are particularly susceptible to abuse by fraudulent candidates.  Employers relying on document collection to “verify” employment, academic qualifications and professional credentials and visual inspection of ID documents are at greatest risk.

There are fraudulent ID websites capable of batch creating hundreds of fake passports and driving licences at a time, as well as websites selling fake diploma certificates, creating fake job references, fake government documents and proof of address, and even fake employment verification services – most are available within 1-2 days for as little as £20. For a little bit more money, fake businesses and fake business websites can be created solely to defraud HR professionals to help a candidate secure employment by deception.

New Threats: Identity Fraud

The continued rise of reference houses and alibi mills, and how some fake identity documents are sophisticated enough to pass everything but the very best solutions in document verification systems.

Brought to light by a 404 Media investigation, OnlyFake was a website which allowed anyone to quickly and easily generate very convincing ID documents of their choosing.

“Customers” could choose a wide range of different ID types, from passports to driver’s licenses, and even batch create hundreds of them at a time.

It promised to heavily streamline the creation of fake documents, and bring, as the developer stated in its Telegram account, “The era of rendering documents using Photoshop to an end.”

Where The Threats Start

Understanding these stages helps organisations pinpoint where intervention can be most effective, emphasising the importance of background checks at the recruitment stage and continuous monitoring thereafter.

Recruitment & Onboarding Stage

When an insider gains access, particularly if background checks are inadequate.

Planning Stage

The individual may begin gathering information or testing the limits of their access.

Execution Stage

The insider carries out their malicious or negligent actions, such as leaking data, tampering with equipment, or facilitating unauthorised access.

Post-Incident Stage

The aftermath, including attempts to cover up their tracks or further exploit any remaining access.

Why have a background screening policy?

A solid background screening policy is essential for organisations to ensure workplace safety and security, protect their reputation, comply with regulatory requirements, maintain the quality of hires, and prevent financial losses due to fraud. By thoroughly vetting potential employees, companies can make informed hiring decisions, reduce turnover, and build a trustworthy, reliable workforce.

For a background check programme to be fully effective at mitigating risk, company policies must be in place, thoroughly understood by investigative teams, internal stakeholders and be reviewed regularly to remain in-line with industry standards, laws rules and regulations.

1. Establish and maintain clear, comprehensive, and consistent standards and procedures.
2. Streamline the screening process and ensure that searches are conducted consistently and efficiently, and in line with required laws, rules and regulations.
3. Delineate the types of screening required for different positions, so your teams don’t have to make individual determinations each time you hire
4. Spell out your background check procedures, including how you work with providers and conduct checks.
5. Mitigate potential claims of discrimination and supports your compliance with any applicable regulations.
6. Reduces the need for individual decision-making and offers guidance on how background checks should be conducted within your business or organisation

 4 Key Areas to Consider When Creating a Policy

Organisations should focus on these four key building blocks when crafting an effective background screening policy: Product, Policy, Process, and Provider.

Product

The first essential building block is understanding each background check product included in your programme and how they operate. This involves appreciating the risks they are designed to mitigate and the reasons for conducting these checks. This understanding ensures that background checks can be confidently applied to different roles or risk levels. Equally important is adherence to legal and regulatory compliance when using these checks.

Policy

With a comprehensive understanding of the background checks, you can develop your policy by considering the various laws, rules, and regulations applicable in different jurisdictions. While background check providers can guide you based on their experience, they cannot and will not provide legal advice.

Process

Employers should meticulously map out the entire background check programme, from the initial point of contact with a candidate to the day they commence work and beyond, with a continuous re-screening programme. Mapping the process is crucial to understanding the candidate experience and continuously improving it. Identifying pain points allows you to implement measures to mitigate them.

Provider

Your background check provider or partner is a significant piece of the screening puzzle, but they will not own your screening programme or policy. Knowledge is power. A detailed understanding of the products, policy, and process empowers you to maintain an effective relationship with your background check partner.

How to Enhance Your Existing Background Screening Policy

To effectively safeguard against insider fraud and minimise internal threats, organisations must implement robust employment screening policies. A comprehensive approach typically involves two interlinked policies:

The First Line of Defence

An Employment Screening/Vetting Policy, also known as a Background Check Policy, refers to a set of guidelines and rules that an organisation establishes to govern its background check operations, actions, and decision-making processes. This policy serves as a framework for new hires and employees to abide by, ensuring consistency, compliance, and alignment with the organisation’s goals and values.

Having a background check policy in place ensures a safe, fair, and transparent working environment and hiring practices while also mitigating risks and promoting responsible behaviour within the organisation.

An overarching background check policy should encompass various elements such as the scope and applicability of the checks, outlining for whom and why these checks are conducted, defining roles, responsibilities, and contact details, ensuring confidentiality and data protection, detailing how results are adjudicated, providing an overview of controls and monitoring, and explaining how other policies play a part.

The Second Line of Defence

A Background Check Adjudication Policy is a set of rules, guidelines, or principles that an organisation follows to make informed decisions regarding issues and discrepancies that arise during background checks.

This policy outlines the process for evaluating evidence, considering relevant factors, and reaching a resolution or judgement. It ensures fair and consistent decision-making by providing a framework for assessing each case’s merits and achieving a fair and impartial outcome. Typically, this policy includes criteria for determining liability, standards of evidence, procedures for presenting arguments and evidence, and guidelines for the decision-making process.

Common inclusions are a background check adjudication matrix, results review and investigation procedures, decision-makers and their processes, rules and regulations, and the offer rescind process.

This structured approach ensures that organisations can effectively enhance their screening policies, uphold integrity, and mitigate potential internal threats.

Adjudication Guidelines (employee background screening policy)

What is an Adjudication Matrix?

An adjudication matrix is a structured framework used by organisations during the background screening process to ensure fair and consistent decision-making. Despite its importance, many organisations either omit it entirely or fail to keep it updated.

Why is an Adjudication Matrix Important?

An adjudication matrix is a crucial component of an effective, fair, and non-discriminatory background screening policy. It clearly defines the different types of background checks included in a screening programme, ensuring they cover all roles, positions, and risk levels.

By outlining specific criteria and guidelines for evaluating background check results, the matrix provides a transparent and standardised method for assessing candidate suitability. This reduces reliance on subjective judgment, helping to mitigate discrimination claims from candidates or employees who may feel unfairly treated.

Key Benefits of an Adjudication Matrix

1. Consistency in Decision-Making – Standardising the screening process ensures all candidates are assessed against the same criteria, reducing bias and maintaining hiring integrity.
2. Enhanced Transparency – Clearly documented criteria and processes build trust among candidates and employees.
3. Legal Safeguards – Objective and lawful decision-making helps organisations defend against potential legal disputes.

How to Create or Update an Adjudication Matrix

Developing an adjudication matrix involves several key steps:

1. Identify Relevant Criteria – Define factors such as criminal offences, credit history, qualifications, directorships, and employment verification based on the role and business needs.
2. Align with Legal and Industry Standards – Ensure criteria reflect organisational values, legal requirements, and industry regulations.
3. Assign Decision Thresholds – Determine how different findings impact hiring decisions.
4. Document the Process – Maintain clear records of decision-making procedures and ensure all stakeholders are trained in using the matrix.
5. Regularly Review and Update – Keep the matrix relevant by revisiting it in line with evolving laws and regulations.

A well-structured and regularly updated adjudication matrix enhances fairness, transparency, and consistency in hiring decisions. By integrating this framework into their background screening policy, organisations can create a more inclusive and trustworthy work environment.

Background Screening Policy In Summary

Comprehensive

• A company-wide policy helps maintain fair and transparent background check guidelines, so the same standards and procedures apply across the organisation.
• Learn each background check product and the risks they are designed to mitigate, how you want it to work, and don’t forget and your interaction with your providers.

Compliant

• Background checks are the same, but different across the world, and you need to know the differences and remain compliant with applicable laws, rules and regulations in the countries you operate in.
• Use control plans to check that you are compliant and that you are mitigating risk.

Consistent

• Define and document your company’s background check policies and procedures.
• Apply the same processing and adjudication standards to all hires and employees.

Stay Current

• Laws, rules and regulations and laws change all the time, as can the human resources needs of your organisation.
• Stay current with background check services, technology and regulations. Consult your legal counsel and revisit your policy regularly to make sure you’re meeting your obligations under the applicable laws.

Special Offer!

For HR professionals looking to enhance their background screening policies, we are delighted to present an exclusive offer. Webinar attendees and EBC Global customers can now take advantage of a comprehensive, in-depth review of their background screening policies.

What You Will Receive:

• Expert Guidance from Seasoned Professionals Benefit from the insights and expertise of our experienced professionals, dedicated to helping you adopt best practices in background screening.
• Industry Benchmarking Gain access to our industry benchmarking service, ensuring your background check products and policies are in line with industry standards and competitors.
• Independent Policy Review Receive an independent review of your existing policies, along with a detailed summary highlighting areas for improvement to mitigate risks, reduce turnaround time, and cut costs.
• PLUS – Background Check Training Elevate your team’s capabilities with one session of our popular Background Check Training – Foundation Levels 1 & 2, tailored for you or a member of your team.

Pricing:

• £199 for a 2-hour review
• £250 for a 3-hour review

Don’t miss this opportunity to elevate your background screening policies with expert guidance, benchmarking, and training services. Secure this special offer today and ensure your organisation’s recruitment processes are robust, fair, and compliant.

How to Take Advantage of This Offer:

To find out more about this exclusive offer, you can use this BOOK A FREE CONSULTATION link to schedule a call with Anton.

Quote “EBCGLOBAL” to secure this special offer.

Email anton@backgroundcheckadvisory.com directly, or check out the Background Check Advisory website for more details about the services and training available: www.backgroundcheckadvisory.com.

What’s Coming Next?

The latest episode of our webinar series is now available on-demand! Catch up if you missed the live event:

Modern Employment Verification: Leveraging HMRC PAYE Records
🗓️ Date: 25th February 2025
⏰ Time: 12:00 PM (GMT)
🔗 Watch On Demand Now

Follow us on LinkedIn and subscribe to our mailing list for the latest updates!

Don’t forget to tune in to the previous episodes of our webinar series – they’re packed with insights on compliance, background checks, and the latest industry updates!

Chat with the Team About Background Screening Policy!

Have questions? Need personalised guidance? Our team is here to help! Whether you’re considering adopting a new screening programme, or want to explore how our platform can simplify your screening processes, we’re just a message away.

Reach out via email or schedule a one-on-one call with one of our experts. We’re passionate about helping you stay compliant, efficient, and ahead of the curve!

Q&A

Q: What’s the best way to go about creating an adjudication decision matrix?

Creating an effective adjudication decision matrix starts with understanding the individual background checks that make up your screening packages. Each check is designed to mitigate specific risks, so having a clear grasp of what they entail is essential.

Identifying Potential Screening Issues

Consider potential issues that might arise in different types of checks. For example:

• Employment references – What if the candidate’s previous employment cannot be verified or their job title differs significantly from what they provided?
• Employment dates – Could inaccurate dates be concealing another job?
• Criminal record, credit, or directorship checks – How do these findings impact hiring decisions
• Social media or qualification checks – What red flags should be considered?

A structured matrix helps ensure each result is assessed fairly and consistently.

Identifying Gaps in Your Vetting Policy

Building a matrix may reveal gaps in your current vetting process. It’s an opportunity to refine your policies and introduce additional checks to mitigate specific risks. Reviewing your current approach ensures that no potential threat is overlooked.

Keeping Your Matrix Updated

The recruitment landscape and associated risks are always evolving. Regularly reviewing and updating your matrix ensures it remains relevant, effective, and compliant with industry standards. An outdated matrix can lead to inconsistent or ineffective hiring decisions.

Collaboration and Expert Input

Creating the perfect adjudication matrix is an iterative process. Seek input from HR communities, regulatory bodies, legal counsel, and compliance teams to refine your approach. If internal expertise is limited, consider consulting background check specialists for guidance.

By taking a structured, collaborative approach, you can build an adjudication matrix that is comprehensive, fair, and aligned with your company’s risk management strategy.

Q: How do we start re-screening, and does it need a separate policy or should it be combined?

A: When starting re-screening, first recognise that legal, regulatory, and compliance requirements for current employees differ for new hires. Because of these differences, create a separate re-screening policy or include a dedicated section in your existing background check policy. This approach ensures a clear, fair, and consistent process across your organisation.

While thoroughness and accuracy remain essential, re-screening introduces unique challenges. A distinct policy or section helps address these differences effectively and strengthens your vetting process.

Several situations may require re-screening. For example, an employee returning from an extended absence, such as a sabbatical, may need updated checks. However, short-term parental leave (less than a year) typically does not require re-screening.

Re-screening becomes necessary when employees receive promotions or transfer to roles with different risk levels. Furthermore, if an employee faces an internal investigation for fraud or serious misconduct, specific background checks may be appropriate. These could include credit checks, PEPs (Politically Exposed Persons) and Sanctions screening, directorship checks, and social media screening.

By implementing a structured re-screening approach, you can mitigate risks, maintain compliance, and ensure workplace security.

Q: What role or department typically creates and maintains the background check policy in an organisation without one?

A: Developing a background check policy requires collaboration between multiple departments. Human Resources (HR), Legal, Corporate Security, and Compliance teams each contribute essential expertise and insights.

HR typically owns and maintains the policy since it plays a central role in recruitment and employee relations. However, securing input from Legal, Corporate Security, and Compliance ensures the policy addresses all legal, regulatory, and security concerns.

The organisation’s size and structure may influence the approach, but designating a single policy owner prevents accountability gaps and conflicts. While multiple teams provide input, HR should oversee implementation to maintain consistency and avoid misalignment.

Assigning ownership to Talent Acquisition or Recruitment teams can create conflicts of interest. Since these teams focus on hiring, an independent department, like HR, ensures fair and unbiased policy enforcement.

In conclusion, HR should own the background check policy, with strong collaboration from Legal, Corporate Security, and Compliance. This approach guarantees a well-rounded, compliant, and effective policy that aligns with organisational standards and risk management goals.

Additional Resources

• View EBC Background Screening Policy Template/Checklist