Insider threat is a challenge facing organizations across the United States. For example:
- Employee theft accounted for one-third of the $46.8 billion of U.S. retail inventory loss in 2018 (National Retail Federation).
- Crime may be declining, but US law enforcement still makes more than 10 million arrests each year.
- According to the Association of Certified Fraud Examiners, companies lose 5% of their revenues each year to employee fraud.
- A 2011 study by the Department of Health and Human Services found 16% of employees at Medicare nursing facilities got a criminal conviction after being employed.
The background screening industry emerged in the 1990s as a response to risks like these. The industry continued to evolve as new technologies — and new threats — demanded innovation. Companies dependent on one-time, pre-hire background screens on employees began to transition to periodic rescreening. Today, new continuous monitoring products have created opportunities to further reduce risk and make our workplaces and communities safer.
Some history
The standard background screen verifies a person’s fitness for employment by confirming their employment history and checking for recent criminal activity. According to the National Association of Professional Background Screeners (NAPBS), 96% of U.S. employers conduct background screens.
Background screens rose in popularity in the 1990s in response to two emerging trends. First, a rise in high-profile cases of workplace violence. The early 1990s were some of the most crime-ridden in recent history. In the past five decades, the national violent crime rate has never been higher than it was in the early 1990s, according to FBI statistics. Moreover, there were more than 1,000 workplace homicides annually from 1992 – 1995, according to the Bureau of Labor Statistics (in 2016, there were 403).
This rise in workplace violence coincided with a growing awareness of employers’ liability to negligent hiring claims. Negligent hiring is a legal claim made against an organization for not properly assessing the risk an employee poses to the safety of the workplace. It wasn’t until the late 1970s that these claims became common options for impacted employees. In a variety of cases in the 1990s, including a vacuum cleaner manufacturer, a nursing home, and a furniture company, negligent hiring lawsuits cost companies hundreds of thousands of dollars.
A formalized background screening process was developed in response to these two trends. A background screen promotes public safety and reduces organizational risk by alerting employers to applicants who pose a threat to their company, reputation, employees, and customers. Critically, background screens look only at historical information. They are effective only up to the time of the screen.
While the pre-hire background screen is a crucial risk management technique, it leaves organizations exposed to threats from existing, already-screened employees. With a median job tenure in the U.S. of 4.2 years, companies need to do more to mitigate risk during employment.
Periodic rescreening introduced
To promote better workplace safety, many background screening companies began marketing periodic background rescreening to high-risk companies. A rescreen is fairly similar to the pre-hire background screen: Employee names are searched against relevant datasets to find potential criminal activity, driving incidents, and sanctions that occurred after the employee was hired.
Periodic rescreening was adopted mostly by companies in regulated or high-risk industries. Healthcare organizations, transportation companies, and financial institutions commonly rescreen employees. But rescreening is relatively expensive, and still leaves employers exposed to risk. If a company rescreens its employees every two years, and an employee is charged with theft two days after being hired, the company would not know until the rescreen is run. Just like a pre-hire background screen, periodic rescreens only capture criminal activity at the time the search is performed.
Periodic rescreening has yet to see broad adoption in the United States. More than half of employers do no type of rescreen, according to HireRight’s 2018 Employment Screening Benchmark. Of those that do, employees are typically only rescreened in unique situations, like promotions to a new internal position.
Periodic rescreening introduced another step forward for the background screening industry, but the drawbacks left plenty of opportunity for new post-hire solutions.
Emergence of continuous monitoring
Over the past few years, a variety of background screening companies introduced “continuous monitoring” products. Initially, these products were an extension of the periodic rescreen. Rather than re-search an employee’s name against a national criminal file (“nat-crim”), entire employee lists were uploaded into systems that produced an alert when a new entry in the nat-crim dataset matched employee information in the uploaded list.
Is continuous background checking becoming essential? Yes, says Dr. John Sullivan, who explains in “Continuous Employee Background Checks May Now Be Required.”
Screening has limitations
While this gave the impression of immediate insight into potential criminal activity, the underlying datasets suffered from inadequate scope and timeliness. Many nat-crim files have gaps in geographic coverage and in some cases are not continuously updated with new data.
Criminal monitoring products are effective only when they return an accurate, timely alert on potential criminal activity. When a monitoring product is built on a nat-crim file, the “matching criteria” is typically limited to publicly-available information: first name, last name, and date of birth (although matching criteria can vary among providers).
This limited matching criteria can result in more false positives – alerts about criminal activity from individuals not associated with the organization, but with somewhat similar names and dates of birth. At a minimum, this results in higher false positives, which leads to higher operational costs. Improperly managed, incorrect HR decisions and future litigation are both possible.
Better matching is accomplished by using, as Apriss Safety does, a larger set of criteria: first name, last name, date of birth and Social Security number, driver’s license number, and zip code. This approach reduces false positives and the risk of litigation.
Continuous monitoring is a critical evolution in the background screening industry. It will keep companies safer from fraud, theft, and reputational damage. Each of these represents a real cost to businesses. The average dollar lost for each insider retail theft is more than $1,200. Bad reputations cost companies at least 10% more in hiring costs.
Most importantly, continuous monitoring will keep employees, customers, and the broader public safe from malicious actors.
It’s been exciting to see the background screening industry evolve over the past 25 years, and I can’t wait to see what’s next.