An organization needs to have confidence that the leaders to whom it grants power and authority are worthy of such trust. Senior management can bring the most risk to your organization—so it makes sense to invest some effort in screening these individuals for illegal or material misconduct. While past behavior is no guarantee against future misconduct, the information age has made it fairly quick and inexpensive to conduct basic due diligence on individuals.
The Role of Due Diligence in Compliance and Ethics Programs
In recognition of the fact that senior personnel are capable of bringing the most risk to an organization, the Federal Sentencing Guidelines contemplate that organizations will exercise “reasonable” due diligence in hiring and promotions. The governing standard states:
The organization shall use reasonable efforts not to include within the substantial authority personnel of the organization any individual whom the organization knew, or should have known through the exercise of due diligence, has engaged in illegal activities or other conduct inconsistent with an effective compliance and ethics program.
“Substantial authority personnel” is defined broadly and therefore requires a case-by-case assessment at each organization.
The Scope of Due Diligence: How Much Is Enough?
In conducting due diligence, the standard is “reasonable” and the objective is to find 1) illegal activities, or 2) “other conduct inconsistent with an effective C&E program.” Thanks to technology, most due diligence can be conducted quickly and effectively, and potentially save your organization from risk of harm and damage to reputation.
The most difficult issue with due diligence is the lack of a single standard of conduct for organizations to use in making a decision regarding fitness for leadership or employment. Most companies have a code of conduct that requires employees to conduct themselves in compliance with all laws and high ethical standards. Clearly, criminal conduct is contemplated by the Federal Sentencing Guidelines as a bar to employment, and most companies would not knowingly hire a person convicted of a felony for fraud, embezzlement, or violence. But what about personal off-the-job conduct, such as membership in a publicly controversial group that may be viewed as inconsistent with the values of your organization? This is the type of gray area that will require further review and evaluation.
It is recommended that your organization appoint an accountable party to help identify, review, and escalate such situations for final decision as they arise. You will need a fair and objective process and decision maker for those “gray area” situations. The lead delegate may be found in your compliance office, employment attorney, employee relations, or human resources roles, but should be designated before you need it.
Organizations should consider conducting due diligence prior to granting a position of substantial authority. This section outlines practical suggestions for implementing due diligence in your organization. Actual implementation should take into account your organization’s size, risk tolerance, regulatory requirements, and available resources. The degree to which your organization is open to adoption of these will likely be influenced by the maturity of your compliance and ethics program.
Substantial Authority Personnel: Identify those roles in your organization that fit the criteria of “substantial authority personnel.” Come to an agreement on the positions that present the greatest risk. These will generally include the board of directors, C-level senior management, and roles that have access to the corporate checkbook, such as finance, sourcing, and procurement. Also consider positions that have access to highly confidential employee information, are in safety-sensitive positions, or will serve in positions of trust as fiduciaries or with vulnerable populations.
Adoption of a Policy and Procedure: Consider adopting a written policy that requires the organization to conduct a background check prior to granting a position of substantial authority, both for new hires and prior to internal promotions. It is important to adopt a consistent policy and process in order to protect the company from either real or perceived inequities that can lead to claims of discrimination or unfair treatment.
Pre-Employment Checks: For pre-employment checks, assign accountability for this process to a designated person in your organization. Ideally, this will be a centralized function in your organization, to ensure efficiency, fairness, and consistency. Most companies assign oversight of this responsibility to human resources, who often outsource background checking to specialized vendors. Your organization should determine the frequency and scope of such background checks. Many organizations conduct background checks one time prior to hire and upon promotion, and sometimes also on a periodic basis thereafter. Frequency is often driven by industry requirements, such as financial services or healthcare regulations. The scope of many background checks includes criminal history search, education and credentials verification, employment history verification, nationwide background search, motor vehicle records examination, and social security verification. Drug test checks, sexual offenders list search, wants and warrants, worker’s compensation, and international employment and criminal record searches should also be considered, depending on the organization and job responsibilities. Highly regulated industries include more exhaustive search criteria. For example, financial services companies include credit history, fingerprint reconciliation, newspaper and periodical searches, and SEC records searches; healthcare companies include HHS/OIG and GSA list checks. In making a final scope decision, it is helpful to compare your proposed background screening process against other peers in your industry.
Checks Prior to Promotion: For due diligence checks prior to promotion, an organization should consider repeating its external pre-employment background check process (see above). In addition, it should review available internal personnel documentation on the employee’s conduct to date. Ideally, an organization will conduct written performance reviews annually and include compliance and ethics leadership as part of its job performance measures. A check may also be run on whether the candidate up for promotion has had involvement in an internal investigation or complaint that is a cause for concern. This is a quick and simple process if a company has centralized its investigations governance and has an online case management database with a good search function. A final fact-gathering additional approach might include interviews or reference checks with former managers and employees. However, such methods are used less frequently, as they generally yield subjective information, may be disruptive and look like a “fishing expedition.” Practically speaking, it’s unlikely that the manager who is about to promote an individual would provide a bad ethical reference. Organizations that choose to conduct interviews as part of their due diligence must be careful to distinguish between opinion or conjecture and facts.
Governance Process: Create an escalation process for decisions that require further review. Most due diligence will return results that require no action. However, some information may not easily lend itself to a clear decision on whether to hire or promote. The nature and seriousness of the conduct will need to be evaluated and weighed against the likelihood of future misconduct. In difficult cases, apply investigations best practices to the situation—be prompt, thorough, and objective; keep the fact-finding confidential, and partner closely with employment counsel to obtain advice prior to making a final decision and taking action on the information.