Screening employees could prevent fraudulent activityMatt Johnstonorganizational security, prescreening practices, Computer Security Institute, disgruntled employees The old adage of "an ounce of prevention is worth a pound of cure" has never been truer in the hiring process, as insider-induced fraud presents an increasing risk when it comes to organizational security. Lenders are even more susceptible, since employees have access to a tremendous amount of personal customer information. By implementing prescreening practices into the recruitment process, financial service organizations not only protect their assets and their customers, but also, at the very least, they also make sure they are hiring the best person for the job. The danger signs are there, and the risks are real. The latest Federal Trade Commission study revealed that out of more than 255,000 identity theft complaints, 12 percent of identity theft cases were employee related. Meanwhile, Computer Security Institute/FBI studies report increased incidents of unauthorized access to information and theft of proprietary information. In addition, the research points out that disgruntled employees posed a serious security threat and inside jobs occur about as often as outside jobs. Some security experts deem inside jobs as potentially more dangerous to consumers than accidental losses of data or attacks by hackers. Recently, two of the nation's financial institutions, Wachovia and Bank of America, notified more than 100,000 accountholders of the possible theft of financial records. The customers were the victims of bank employees with access to valuable information, which they sold for $10 an account. So, why would financial organizations risk the security of their data by not prescreening employees? Those that do not are setting themselves up for potential problems in the future. The screening should start right at the outset, by performing thorough verification of references, experience, education and professional qualifications at the hiring point. However, the screening process should not end there. The prescreening process should also include criminal and credit background checks and aptitude tests focusing on bank, math and computer skills. Probably the last thing a personnel manager wants is to add another layer to an already overwhelming hiring process that produces, if they are lucky, one out of four employees that are the right fit for the organization. However, all it takes is one person riding a bad streak or who suddenly decides to cash in an information mother lode for the institution to have a serious problem. The Federal Deposit Insurance Corporation (FDIC) recommends that to be effective, bank management should establish written criteria for when pre-employment background screening should be used and for circumstances or positions that may warrant increased screening procedures based upon the position and responsibilities associated with a particular job. The sensitivity of the position or the access level of an individual staff member may warrant additional and ongoing background screening. Many organizations shy away from investigating employee backgrounds past the initial stages, for fear of offending their staffs, but fraudsters constantly look for people inside to recruit (someone with serious debt could be a ripe candidate for an identity theft ring) or for people to place on the inside. The problem is serious enough that the FDIC released guidance recommending that financial institutions develop a pre-employment background screening process to better assure a job applicants credentials and personal history. "Obviously, positions that involve access to sensitive customer information and large-dollar transactions should require more in-depth background checks," the document states. The FDIC suggests that every financial company consider the following: Use written applications Many organizations now rely on standard employment applications, rather than résumés. This allows companies to collect information that is more objective and include a clause that states untruthfulness or material omissions are grounds for termination. In addition, the applicant can sign for and confirm the informations accuracy. Provide a Fair Credit Reporting Act (FCRA) notice Under the FCRA, an organization cannot request a credit report until it discloses to the applicant, in a separate document, that that the organization will request such a report. In addition, institutions must also obtain the applicants written consent to request a credit report. Compare names against enforcement action list The federal regulatory agencies maintain listings of individuals who have been assessed civil money penalties or who have been permanently removed and/or prohibited from banking. Consider fingerprint cards Fingerprint cards sent to the FBI are compared against a criminal database, and positive matches are reported back to the institution. Beware of regulatory penalties The regulatory agencies prohibit financial institutions from employing anyone convicted of any criminal offense involving dishonesty or a breach of trust or money laundering. Institutions that use contractors should also verify that they use screening procedures similar to those used by the financial institution. An effective background screening process not only helps financial institutions validate experience and background, it may diminish turnover by authenticating that the potential employee has the necessary skills, certification, license or degree for the position, in addition to serving as a deterrent to theft and embezzlement and preventing litigation over hiring practices. Matt Johnston is CEO of Burbank, Calif.-based Workway, which provides temporary, temp-to-hire and direct-hire employees to the financial, technology and medical industries. He may be reached at (877) 496-7592.