Conducting background checks successfully requires compliance with federal and state regulations for collecting and reporting background data. Those requirements protect candidates and help you operate a consistent and fair background screening process.

However, making seemingly small errors—from how you conduct the disclosure and authorization process to how you use background check information in hiring decisions—can put your organization at risk for costly lawsuits and fines. 

As a result, you need to be sure you understand the background check legal requirements, your responsibilities as an employer, and how to avoid compliance mistakes.

The Role of Regulatory Compliance in Background Checks

Whenever you conduct a background check, you must comply with the Fair Credit Reporting Act (FCRA) rules for obtaining background data and using it to make employment decisions

Specifically, the FCRA requires organizations conducting background checks to comply with the following requirements:

  • Make proper disclosures and obtain authorization from candidates before conducting background checks
  • Use the most up-to-date and accurate sources of background data
  • Follow legal adverse action procedures

In addition, you must also follow state requirements for conducting background checks, for example, ”ban the box” laws, which dictate when employers can begin a criminal records search during the hiring process. These laws vary widely from state to state, and even among counties and cities within the same state. Therefore, it is critical to work with a screening provider that has the processes in place to help you comply with these evolving laws.


The Costs of Non-Compliance

Not following FCRA requirements can result in costly penalties and lawsuits. In fact, lawsuits related to FCRA violations have increased by 150 percent in the last 10 years, sometimes leading to multi-million dollar settlements. In addition to the costs associated with lawsuits and fines, your organization can also suffer reputational damage, not to mention the sizable distraction a major lawsuit can become. 

Being in a specific industry also carries additional non-compliance penalties. For example, healthcare organizations must comply with background screening requirements established by the following agencies and organizations:

Not following these rules can expose healthcare employers to penalties such as fines, possible loss of accreditation, and clawback of CMS funding.

Is your background screening program set up to help you conduct remote hiring  for favorable results? Take this interactive assessment to find out >>

Common Background Check Compliance Mistakes

Given the costly repercussions of background check non-compliance, it’s essential to manage even modest compliance risks effectively. Recently, something as small as the placement of a semicolon resulted in one employer losing a class-action lawsuit brought by a prospective employee. The Ninth Circuit federal court ruled the employer used confusing disclosure language and did not follow FCRA requirements for a disclosure form to be stand-alone and clear to applicants.

To steer clear of lawsuits and costly penalties, be sure to avoid the following background check mistakes.

1. Adding Extra Language and Documents to Disclosure and Authorization Forms

The FCRA requires clear and stand-alone disclosure forms. Failing to meet this requirement can be catastrophic for your bottom line and reputation. One retail employer added liability waivers and other information to their disclosure forms, and had to pay a $1.1 million class-action settlement.

To maintain compliant disclosure and authorization documents, keep them free of the following elements:

  • Grammar or punctuation that could be confusing or detract from the main purpose of the forms
  • A question or checkbox asking candidates about their criminal history
  • Information about an “investigative consumer report” (which is not the same as an employment background check and carries additional FCRA requirements)
  • Liability waivers
  • Information regarding employment policies, interviews, or other aspects of the hiring process

2. Excluding Required Items from Disclosure and Authorization Forms

In addition to elements you must leave out, the FCRA also requires employers to include specific items in disclosure forms. Per the FCRA, all disclosure forms must contain the following items:

You must also provide state-specific disclosures, but separately, because a 2019 court ruling prohibits combining federal and state disclosures.

3. Using Old Disclosure and Authorization Forms

Acceptable disclosure and authorization forms from the past—particularly before 2019, when state disclosures were required to be separated—may no longer be acceptable today. Therefore, you’ll need to make sure your background screening provider offers up-to-date disclosure and authorization forms for your use. Your provider should also guide you in the lawful retention and storage of those documents.

4. Excluding Critical Stakeholders from Your Background Screening Program

Though HR is the primary interface for candidates as they move through the background screening process, other internal stakeholders can advise you in maintaining a compliant screening program. 

In addition to your background check company, it is also critical to involve legal and compliance stakeholders. For healthcare employers, your Medical and Credentialing office may also be able to help you maintain a compliant screening program in alignment with your internal policies.

5. Including Prohibited Information in a Background Check

Receiving a signed authorization from a candidate to conduct an employment background check does not give you license to check aspects of their background prohibited by law. For example, the FCRA forbids reporting arrest and criminal records older than seven years and bankruptcies older than 10 years

Many states also prohibit reporting on some convictions related to marijuana possession in accordance with new marijuana legislation. You can avoid making hiring decisions based on prohibited background data by working with a background screening provider with up-to-date knowledge of the legislation affecting background checks.

6. Performing a Background Check on the Wrong Person

Because two or more individuals can have similar names, such as Jon Smyth and John Smith, the screening company you use should have thorough identity verification processes in place

For example, your screening company should be conducting a social security number (SSN) trace in every background check, and for every name associated with the SSN the candidate has provided. A comprehensive SSN trace can cut down on the likelihood of getting background check results for the wrong person. It can also help you avoid possibly taking action resulting in an adverse action lawsuit.

7. Not Following the FCRA Adverse Action Process

Though there may be times when you need to reconsider a job offer based on background check results, you must abide by legal guidelines before taking any adverse action.

The FCRA affords job candidates with specific rights, and violating them can result in FCRA penalties as well as a potential lawsuit. For example, a staffing agency working on behalf of a hospital client was sued for taking adverse action without providing the job applicant with a written description of his FCRA rights. 

To avoid this mistake, it is critical to follow FCRA requirements for adverse action, which include providing candidates who dispute background check results with the following documents:

Working in partnership with your background screening company and internal legal counsel, you will need to carefully consider all new information from a dispute before taking further action.


Mitigate Background Check and Hiring Risks

The background check process can be quite complex, and as a result, it can carry a considerable amount of compliance risk. However, by selecting a knowledgeable screening partner with processes in place to help you navigate compliance and other risks, you can avoid common mistakes and build a hiring and screening process that is both efficient and in line with federal and state law. 

At Corporate Screening, we utilize the EASE Compliance Tool, a proprietary screening technology to help our clients navigate FCRA compliance and maintain peace of mind. Within EASE, you have the ability to organize background checks into different categories with our Adverse Action Workflow tool to streamline FCRA required processes. The platform also simplifies disclosure and authorization by removing paper processes. 

For additional insights to help you improve your background screening program, take our interactive Background Check Assessment.

Take the Assessment