Advances such as cryptocurrencies, digital payments, robotics and artificial intelligence are no longer foreign concepts to the financial services sector, and yet there are still layers of regulations that need to be understood and tackled carefully.
In a similar vein, one could say that background screening is often approached warily, with many unsure of how to navigate the giant web of employment and data privacy regulations that surrounds it. Yet, the practice of background screening is generally accepted and implemented to help safeguard organisations from losing potentially devastating amounts of money, intellectual property and sensitive data at the hands of a bad hire.
Take for example the highly-publicised case of former branch deputy manager Gokulnath Shetty, from the Punjab National Bank branch in south Mumbai, who engineered fraudulent transactions totalling about US$1.8 billion over 7 years (source). In June last year, former CEO of Anglo Irish Bank Corp. was penalised for conspiracy to defraud, and false accounting during the financial crisis in 2008. Imagine if these, and other similar transgressions, were to slip through the net in a company’s hiring process.
With the rush to fill in significant talent gaps in the industry, organisations might be tempted to skip background screening altogether. However, it’s important that HR teams don’t put their company at risk in the process of beefing up the talent pipeline. How should companies navigate the seemingly complex regulatory landscape that is background screening?
A key concern of background screening is the infringement of data privacy laws, what with the sheer amount of hugely personal data collected from job candidates. This issue has been thrown into the limelight by the Cambridge Analytica scandal, which brought under scrutiny the ways in which companies made use of customer data.
Perhaps the most prominent data privacy regime in place is the General Data Protection Regulation (GDPR) by the European Union (EU), which went into effect on 25 May last year. The GDPR applies to any organisation that processes personal data of individuals in the EU, including organisations that have permanent establishments outside of the EU. Within APAC, similar regulations give individuals the reins over their personal data, such as the Personal Data Protection Act in Singapore, Hong Kong’s Personal Data (Privacy) Ordinance, and Australian data privacy regulations.
Candidate consent, data mapping, subject access rights – in theory, these form the very backbone of background check processes that predates the GDPR. Screening providers have traditionally offered options to support employers in their efforts to ensure the delivery and collection of information notices and consents. In the case of new regulations, such as rules governing data transfers under the GDPR, a respected background screening provider would work with their clients to ensure compliance as a data processor, and that organisations are well-informed and educated on considerations to carry out their obligations as data controllers.
Building an effective screening programme
The benefits of background screening are clear, especially to the financial services sector – HireRight’s 2018 APAC Employment Screening Benchmark Report found that respondents in the sector indicated improved regulatory compliance as one of the top three benefits of employee screening.
Apart from legal and compliance requirements, companies need to have a keen understanding of the specific needs and scope of operations, and implementing the relevant background checks necessary to address the inherent internal and external risks posed to their business.
For businesses in the financial industry in Singapore and Hong Kong, one specific background check HireRight provides for the sector is the International Financial Regulator Search service, which scans the registries of the Monetary Authority of Singapore and the Hong Kong Monetary Authority, to identify financially regulated individuals and verify if they are prohibited from working in the sector.
Financial services employers in Australia may be subject to the Australian Securities and Investments Commission financial services licensing requirements. These requirements include a National Police Check sourced through the Australian Federal Police. A background screening provider with local reach can facilitate this search, as well as other criminal checks sourced through in-country government or police registries.
Apart from the financial services industry-specific screening, general background checks also provide recruiters with important information about candidates that would help them assess if potential hires will be a good fit for the job, and whether they meet the regulatory requirements of the industry. These checks include credit history, criminal records, CV checks, educational history and employment verification – all important indicators that signal a candidate’s potential risk profile, and confirms their qualification for the role at hand.
Keeping in mind the importance of ensuring data privacy is maintained, processes are compliant, and inherent needs of the company are considered, what should businesses look out for when choosing a background screening provider for their organisation?
1. Ensure they have the right credentials.
Look out for globally-recognised standards when picking a background screening provider. For example, HireRight in APAC and EMEA is ISO 27001:2013 certified, which provides independent assurance that the data security has been tested and audited in accordance with internationally accepted standards for good information security practice.
2. Ensure that they are equipped to handle cross-border checks.
Where global consistency and visibility in background screening are a must, especially for large multinational corporations, pick a provider that’s able to execute a truly global programme that is still tailored to fit the local culture and language of each market.
3. Ensure that they offer a smooth and transparent application experience.
Your chosen vendor and their staff should be equipped to answer applicant questions promptly and offer user-friendly dispute processes should issues or discrepancies arise around report results.
Ultimately, your background screening programme should not deter candidates from applying for a position because of a complex procedure that involves layers of regulatory compliance. Communicating the right information at the right time, and in appropriate depth, will help candidates to have a better understanding of how the process works and allay any fears they might have. The concept of “high risk, high return” is often construed as a valid strategy within the financial services industry. But the same cannot hold true when it comes to hiring.
Alonzo Martinez, Associate Counsel, Compliance, at HireRight