An organization needs to have confidence that the leaders to whom it grants power and authority are worthy of such trust. Senior management can bring the most risk to your organization—so it makes sense to invest some effort in screening these individuals for illegal or material misconduct. While past behavior is no guarantee against future misconduct, the information age has made it fairly quick and inexpensive to conduct basic due diligence on individuals.
The Role of Due Diligence in Compliance and Ethics Programs
In recognition of the fact that senior personnel are capable of bringing the most risk to an organization, the Federal Sentencing Guidelines contemplate that organizations will exercise “reasonable” due diligence in hiring and promotions. The governing standard states:
The organization shall use reasonable efforts not to include within the substantial authority personnel of the organization any individual whom the organization knew, or should have known through the exercise of due diligence, has engaged in illegal activities or other conduct inconsistent with an effective compliance and ethics program.
“Substantial authority personnel” is defined broadly and therefore requires a case-by-case assessment at each organization.
The Scope of Due Diligence: How Much Is Enough?
In conducting due diligence, the standard is “reasonable” and the objective is to find 1) illegal activities, or 2) “other conduct inconsistent with an effective C&E program.” Thanks to technology, most due diligence can be conducted quickly and effectively, and can potentially save your organization from risk of harm and damage to reputation.
The most difficult issue with due diligence is the lack of a single standard of conduct for organizations to use in making a decision regarding fitness for leadership or employment. Most companies have a Code of Conduct that requires employees to conduct themselves in compliance with all laws and high ethical standards. Clearly, criminal conduct is contemplated by the Federal Sentencing Guidelines as a bar to employment, and most companies would not knowingly hire a person convicted of a felony for fraud, embezzlement or violence. But what about personal off-the-job conduct, such as membership in a publicly controversial group that may be viewed as inconsistent with the values of your organization? This is the type of gray area that will require further review and evaluation.
It is recommended that your organization appoint an accountable party to help identify, review and escalate such situations for final decision as they arise. You will need a fair and objective process and decision maker for those “gray area” situations. The lead delegate may be found in your Compliance Office, Employment Attorney, Employee Relations, or Human Resources roles, but should be designated before you need it.
Organizations should consider conducting due diligence prior to granting a position of substantial authority. This section outlines practical suggestions for implementing due diligence in your organization. Actual implementation should take into account your organization’s size, risk tolerance, regulatory requirements, and available resources. The degree to which your organization is open to adoption of these will likely be influenced by the maturity of your compliance and ethics program.
Substantial Authority Personnel: Identify those roles in your organization that fit the criteria of “substantial authority personnel.” Come to an agreement on the positions that present the greatest risk. These will generally include the Board of Directors, C-level senior management, and roles that have access to the corporate checkbook, such as finance, sourcing and procurement. Also consider positions that have access to highly confidential employee information, are in safety-sensitive positions, or will serve in positions of trust as fiduciaries or with vulnerable populations.
Adoption of a Policy and Procedure: Consider adopting a written policy that requires the organization to conduct a background check prior to granting a position of substantial authority, both for new hires and prior to internal promotions. It is important to adopt a consistent policy and process in order to protect the company from either real or perceived inequities that can lead to claims of discrimination or unfair treatment.
Pre-Employment Checks: For pre-employment checks, assign accountability for this process to a designated person in your organization. Ideally, this will be a centralized function in your organization, to ensure efficiency, fairness and consistency. Most companies assign oversight of this responsibility to Human Resources, who often outsource background checking to specialized vendors. Your organization should determine the frequency and scope of such background checks. Many organizations conduct background checks one time prior to hire and upon promotion, and sometimes also on a periodic basis thereafter. Frequency is often driven by industry requirements, such as financial services or healthcare regulations. The scope of many background checks includes criminal history search, education and credentials verification, employment history verification, nationwide background search, motor vehicle records examination, and social security verification. Drug test checks, sexual offenders list search, wants and warrants, worker’s compensation, and international employment and criminal record searches should also be considered, depending on the organization and job responsibilities. Highly regulated industries include more exhaustive search criteria. For example, financial services companies include credit history, fingerprint reconciliation, newspaper and periodical searches, and SEC records searches; healthcare companies include HHS/OIG and GSA list checks. In making a final scope decision, it is helpful to compare your proposed background screening process against other peers in your industry.
Checks Prior to Promotion: For due diligence checks prior to promotion, an organization should consider repeating its external pre-employment background check process (see above). In addition, it should review available internal personnel documentation on the employee’s conduct to date. Ideally, an organization will conduct written performance reviews annually, and include compliance and ethics leadership as part of its job performance measures. A check may also be run on whether the candidate up for promotion has had involvement in an internal investigation or complaint that is a cause for concern. This is a quick and simple process if a company has centralized its investigations governance and has an online case management database with a good search function. A final, additional fact-gathering approach might include interviews or reference checks with former managers and employees. However, such methods are used less frequently, as they generally yield subjective information, may be disruptive and look like a “fishing expedition.” Practically speaking, it’s unlikely that the manager who is about to promote an individual would provide a bad ethical reference. Organizations that choose to conduct interviews as part of their due diligence must be careful to distinguish between opinion or conjecture and facts.
Governance Process: Create an escalation process for decisions that require further review. Most due diligence will return results that require no action. However, some information may not easily lend itself to a clear decision on whether to hire or promote. The nature and seriousness of the conduct will need to be evaluated and weighed against the likelihood of future misconduct. In difficult cases, apply investigations best practices to the situation—be prompt, thorough, and objective; keep the fact-finding confidential, and partner closely with employment counsel to obtain advice prior to making a final decision and taking action on the information.
Compliance Issues with Background Checks
“Ban-the-Box” Legislation: Limiting Criminal Background Checks
When conducting background checks, it will be important to keep abreast of the growing support for “Ban-the-Box” legislation. This movement of more than 31 states, the District of Columbia, and more than 150 cities and counties nationwide is intended to address concerns that criminal records may unfairly bar employment for otherwise qualified applicants. Referred to as “fair chance policies,” most such laws require employers to delay criminal background inquiries for public sector and government contractor jobs until after a conditional offer of employment has been made to the applicant. Some policies provide guidance and factors to consider. For example, the City of Chicago will “balance the nature and severity of the crime with other factors, such as the passage of time and evidence of rehabilitation….” Although the majority of these laws apply only to public employers, many major private retailers—including Target, Wal-Mart, Home Depot, and Starbucks—have implemented similar policies. In addition, 10 states and 17 cities and counties have extended fair chance laws to private employment.
In support of this move, in 2012 the U.S. Equal Employment Opportunity Commission issued revised guidance recommending that all employers, as a “best practice… not ask about convictions on job applications and that, if and when they make such inquiries, the inquiries be limited to convictions for which exclusion would be job related for the position in question and consistent with business necessity.” Most organizations that use criminal checks also give candidates an opportunity to explain the results before a potentially adverse decision is made.
Credit and Reference Checks: Discredited?
Over the last decade or more, credit and reference checks have been viewed as least effective in predicting a person’s ability to do a job. Credit reports were originally created for banks and lending institutions, to enable them to make educated decisions on whether a borrower was a good credit risk. Their use as a basis for hiring decisions has come under fire given that many factors can influence credit history, such as unemployment, the loss of medical insurance or medical debt. Irrespective of these concerns, most organizations make the decision to run credit checks as one step in their due diligence process for employees with fiduciary responsibilities. Organizations that choose to use credit checks should ensure compliance with the Fair Credit Reporting Act, which includes notification to a candidate when an employment offer or promotion has been denied, in whole or in part, due to the results of the credit report.
With regard to prior employment reference checks, many organizations have adopted a policy prohibiting references for former employees based on legal risk. Concerns of defamation, invasion of privacy, and negligent references are just a few of the thorny post-employment issues that have led companies to implement a complete ban. Many organizations recognize that former employer references are of limited value and almost impossible to obtain and, as a result, no longer pursue them as part of their pre-hiring due diligence.
The advent of the Internet, combined with the overwhelming willingness of many people to post personal information online, has left employers struggling to define their responsibility to mine this potential source of information—while not running afoul of the many legal landmines. If derogatory information is available online that could foreshadow an executive’s later misconduct, an organization may be held liable for negligent hiring. But the same legal rules apply—employers may not use information to discriminate based on a protected class, and must not run afoul of privacy laws or labor laws. Recently, the National Labor Relations Board has actively taken the position that the Internet is a “virtual water cooler,” and employees therefore have a right to use social media to discuss work-related conditions. Organizations that make hiring or promotion decisions based on a candidate’s social media postings will want to ensure that such postings are not protected activity under the National Labor Relations Act. Many companies conduct a general Internet search, but must be cautious that the information 1) is accurate and relates to the actual individual, and 2) is legally allowed and relevant for use in a hiring decision. This is an evolving area to watch.
Employment, labor and privacy laws are rapidly evolving, which is why escalation to a governance board is important. Prior to making an adverse decision based on social media data, be sure to review the information with your legal counsel to fully vet potential risk factors that could later be used to challenge the company’s decision.
Special Industry Considerations
Some industries have specific regulatory requirements that bar the employment of individuals who have been convicted of certain offenses (e.g. healthcare, financial services and insurance). Organizations should be aware of any such regulatory requirements and integrate them into their due diligence practices.
Mergers and Acquisitions
Mergers and acquisitions can suddenly bring dozens to thousands of new senior leaders into your organization. How do you ensure that these new executives or other leaders are qualified, from a due diligence standpoint? Many acquiring companies rely on the prior company’s background checks, as sometimes the size of an acquisition and associated cost of new diligence can discourage companies who are already busy with other integration activities. In an ideal world, however, the acquiring company should consider newly acquired employees as new hires, and conduct its own background checks of all new employees, and especially senior management, as part of its pre-closing due diligence. Some industry security standards require stricter diligence, such as those in the financial services, utility and energy industries, and with positions that work with confidential information or require security clearances.
The most effective due diligence processes will include the identification of key personnel in your organization, a written policy and the implementation of procedures to diligence those who are hired and promoted into key positions, and an escalation process to fairly adjudicate the specific facts and circumstances regarding whether someone may be fit to lead at your organization. Such protocols will help ensure that the leaders to whom your organization grants power and authority are worthy of such trust.