SHRM has partnered with Security Management Magazine to bring you relevant articles on key workplace topics and strategies.
Background checks, preemployment screening, background investigations—by whatever name, it's the process of scouring criminal, academic, employment and other records to verify that potential hires are who they say they are and have the background, education and experience they claim.
A cornerstone of a sound security program, preemployment screening is used almost universally by employers; the Professional Background Screening Association indicates that 96.1 percent of employers perform some sort of preemployment background screening.
And most background checks in the United States run smoothly and effectively, in compliance with the U.S. federal Fair Credit Reporting Act, and with no complaint.
However, a worrying minority of cases show not only gaps in the system but also egregious examples of either abuse or poor oversight. It's also clear that background checks are not a failsafe or panacea, and should be only one key element of a personnel security program.
For more than 30 years, the authors have been analyzing cases in which lapses in background checks resulted in sometimes catastrophic loss or damage to people, businesses, assets and the U.S. government. In more than 60,000 cases over the last 20 years alone, U.S. security, intelligence, military and law enforcement personnel were charged with major felonies. But thousands of these individuals passed background investigations either by using someone else's name, ID and Social Security number, or by lying about degrees, work experience, finances, arrest records or citizenship status.
Moreover, the data spotlights two harsh realities: passing a background investigation, even a properly conducted one, is no guarantee that the employee is law-abiding, psychologically sound or even who he or she claims to be. Nor does it ensure that he or she won't break bad in the future. Over the last few decades, more than 120 cleared workers in almost every U.S. government department, intelligence agency and military service stole U.S. secrets for foreign countries, betraying their country and destroying lives and livelihoods. The problem persists today.
Categorizing Lapses
The authors have identified 36 categories of issues that resulted in background checks that did not perform as they should have, including but not limited to investigators faking results, employers ignoring negative findings, employers relying on the honor system, and insiders deleting criminal records. We have placed these cases in four categories: the guile of the job candidate, the lack of specific requirements for what should be checked, the fault of the hiring organization, and the fault of the third-party screening provider. Many cases fall into more than one category or are difficult to place.
Guile. Criminals continually circumvent and outsmart the screening process. For example, in 2006 U.S. Border Patrol agent Oscar Antonio Ortiz, a Mexican citizen, was sentenced to prison for smuggling more than 100 illegal immigrants to the United States from Mexico, often transporting them in his own car. He had falsified a birth certificate to get the job. Before applying for the Border Patrol role, Ortiz had been arrested by his future colleagues for smuggling people across the border, but he had used a fake birth certificate to clear the background check.
A 2010 investigation uncovered that Nathaniel Brown changed his birth date and Social Security number by a single digit to get a custodial job at Ohio State University. The numbers he provided were not checked against official documentation, so his previous five-year prison term never came to light. He got the job, and after a poor performance review, Brown ended up killing his supervisor and wounding another man before killing himself.
Corrupt insiders contribute to the problem. The authors have recorded scores of cases in which staff at state departments of motor vehicles generated and sold fraudulent driver's licenses. Those schemes have placed pristine yet bogus IDs, which could later serve as breeder documents, into the hands of tens of thousands of individuals, including undocumented immigrants, criminals and possibly even terrorists.
Scope of checks. In other incidents, background checks don't go far enough. Even though her sister was married to a member of the Cartel del Noreste, Jennifer Loya passed a background check for a lower level position for the U.S. Attorney's Office in San Antonio, Texas. Loya, eventually promoted to a paralegal, used her insider knowledge to tip off members of the cartel to imminent raids on drug caches by the U.S. Drug Enforcement Administration. She was arrested in May 2020 for obstruction of justice and conspiracy to possess and distribute methamphetamine.
A background check of Yeshiva University lecturer Akiva Roth, who started working there in 2013, failed to turn up his 1997 guilty plea to four counts of lewdness against several boys in his role as a tutor. According to the university, Roth began teaching there before the school's screening process was complete.
Employer disregard. In still other cases, employers never conducted a search. Over a two-week period in late summer 2019, a pair of deliverymen in Palm Beach County, Florida, attacked women awaiting their purchases. One victim was beaten to death and set afire; the other was sexually assaulted. Both assailants had prior arrests, one from just the year before.
And in 2014, a Florida massage studio called Essentials was ordered to pay $47.4 million to a woman who sued after an employee touched her genitals during a session. Testimony at the trial revealed that the company had not conducted a background check on the culprit, who had been fired from three previous jobs.
Screener misfeasance. Screening companies themselves can contribute to the numbers of the wrongly cleared. Sometimes, criminal checks are requested but languish in a backlog. In January 2020, a high-ranking New York City education official was federally charged with using a computer to facilitate a child sex crime. Although he had been hired four years earlier, his background investigation had not yet been completed.
Screeners sometimes evade or abuse background checks for expediency and volume—exalting profit over probity. Industries with high turnover and high demand—including security guarding firms—often face pressure to fill roles quickly, sometimes without fully investigating candidates. U.S. Investigations Services (USIS), the company that cleared NSA leaker Edward Snowden and Navy Yard shooter Aaron Alexis, was sued in 2014 by the U.S. Department of Justice (DOJ) for notoriously clearing 665,000 background checks that had not been reviewed. From 2008 to 2018, the DOJ prosecuted 27 individuals for submitting fraudulent checks, by failing to interview sources or obtain key records, for example.
In 2017, Chicago officials were outraged after ridesharing service Lyft brought on a driver who had just served a prison term for aiding al Qaeda. Background screening conducted by the city of Chicago and by Uber previously disqualified the driver due to that very conviction, but Lyft missed it. In a statement to the press, Lyft wrote that the "independent background check provider should not have approved the driver, and that is unacceptable."
Government Reform Efforts
"Government efforts to maintain a trusted workforce have, to date, fallen short," said the nonprofit Intelligence and National Security Alliance (INSA) on its Security Policy webpage. It continued: "Agencies' stove-piped approaches to security clearance investigations and adjudications leave the nation unprepared to counter adversaries who seek to harm our people, institutions and infrastructure."
In light of the USIS scandal and other criticism, the U.S. federal government now requires a civilian government employee to review every background investigation file to disincentivize rushing through checks to bolster profits. In a certain percentage of cases, that person audits some of the checks by contacting sources that should have been interviewed. While no system is perfect, officials say results have improved.
Per an executive order signed by President Donald Trump in April 2019, the Office of Personnel Management relinquished all background investigation responsibility to the Department of Defense's Defense Counterintelligence and Security Agency. An official of the newly tasked agency testified that it had reduced the backlog of background investigations from a high of 725,000 open cases in April 2018 to 231,000 in January 2020.
While that's a promising start, INSA calls for further reforms, including passing legislation that would set time limits for clearance determinations and eliminate duplicative clearance investigations. The organization also calls for continuous evaluation, a process in which agencies steadily receive reports or alerts about staff arrests, convictions, license suspensions or revocations, and other relevant information from credit reporting agencies.
Private Sector Efforts
While asserting that background checks are more effective than they have ever been, experts acknowledge areas for improvement, some of which are underway.
Commenting on the 2010 Ohio State case, Illinois-based background screening expert and practitioner Nick Fishman calls it "one of the most egregious examples of how someone can work the system." He says that the failure in that particular case stemmed from not requiring a valid form of ID and checking the job applicant's application against it. "More and more companies are starting to do that extra check," he adds. "But everyone should be doing that."
When it comes to completed checks that do not catch troubling issues, Fishman explains that there is no set of standard checks for nonregulated industries. "The gold standard is to do a county check wherever they lived and using a Social Security trace to search all the names they have used," he says. Then the screener would conduct a federal check and one of the national criminal database.
Although screeners can make suggestions, companies in unregulated industries can task screeners with whatever checks they want. "Generally, there aren't best practices in background screening for unregulated industries," says Fishman. And a limited scope of search is the most common reason that adverse information isn't found when it could have been.
"If they're not regulated, it's all in the hands of the employer to determine how thorough the background check is," agrees Melissa Sorenson, executive director of the North Carolina-based Professional Background Screening Association. She adds, though, that there are common practices based on industry, job type and job level.
For example, companies tend to check seven years of criminal records—certain states set that as a time limit and the original draft of the Fair Credit Reporting Act established that time period as well (though an amendment in 1998 did away with that limitation). Sorenson says that there is no movement afoot to set a standard for the scope of a background check. Doing so would be difficult, she says, because "there are so many moving parts." For example, reporting processes in the United States differ by type of crime—felony versus misdemeanor—as well as by federal, state, local, county and city rules. And as a practical matter, what's accessible in one court might not be available in a neighboring jurisdiction.
Where Sorenson does see room for improvement is with respect to personal identifiers on public records. "We are seeing a trend among courts of slowly redacting personal information" for privacy reasons, she says. "It started with Social Security numbers…and now courts are regularly pulling pieces of data, only providing the month and year of birth." More detailed identifiers yield much better results.
Security Officer Screening Developments
The authors have identified more than 1,000 cases in which security officers passed background checks before committing crimes ranging from sabotage and espionage to rape and murder. Many should never have passed preemployment screening. Underlying the issue is a patchwork state-by-state approach to regulating background screening for officers. Some states don't require screening at all.
"I'm sure there are unarmed security officers being hired in Mississippi now without background checks because there's no regulation, no legal requirement," says Eddie Sorrells, chief operating officer and general counsel at Alabama-based DSI Security Services.
Help may be on the way. Sorrells says that U.S. Senator Pat Toomey's (R-PA) introduction of S.3012, the Private Security Officer Screener Improvement Act of 2019, is a step in the right direction, although its fate in Congress remains uncertain. The National Association of Security Companies—whose member companies employ almost half a million security officers in the United States—explained in a press release that "the bill enables employers of security officers to obtain previously authorized FBI background checks on their officers and applicants from a DOJ designated entity when such FBI checks are not available through the state of employment."
While both the U.S. federal government and the private sector are improving some aspects of preemployment checks, glaring errors or shortcomings in the process still regularly produce tragic results. To some extent, the effectiveness of background checks is constrained by well-intentioned public policy positions, such as the desire to preserve citizens' privacy and enable ex-convicts to make a living after serving their time.
But the authors' data shows that breakdowns in the preemployment screening process continue to occur with disappointing regularity.
Louis R. Mizell, Jr., is a former intelligence operative and analyst with the U.S. Department of State who has served in 105 countries. He has written nine books on security and terrorism, appeared on programs such as Oprah and The Today Show, and has been quoted or cited in more than 400 publications.
Michael A. Gips is the principal at Global Insights in Professional Security, a firm that provides security content, security strategy and business development. The former Chief Global Knowledge & Learning Officer at ASIS International, he has published more than 1,000 articles on security. Mizell and Gips have developed a knowledge base of more than 3 million crime and security incidents divided into 100 interrelated systems, including background screening.
This article is adapted from Security Management Magazine with permission from ASIS © 2020. All rights reserved.
An organization run by AI is not a futuristic concept. Such technology is already a part of many workplaces and will continue to shape the labor market and HR. Here's how employers and employees can successfully manage generative AI and other AI-powered systems.