Screening employees could prevent fraudulent activityMatt Johnstonorganizational security, prescreening practices, Computer Security Institute, disgruntled employees
The old adage of "an ounce of prevention is worth a pound of
cure" has never been truer in the hiring process, as
insider-induced fraud presents an increasing risk when it comes to
organizational security. Lenders are even more susceptible, since
employees have access to a tremendous amount of personal customer
information. By implementing prescreening practices into the
recruitment process, financial service organizations not only
protect their assets and their customers, but also, at the very
least, they also make sure they are hiring the best person for the
job.
The danger signs are there, and the risks are real. The latest
Federal Trade Commission study
revealed that out of more than 255,000 identity theft complaints,
12 percent of identity theft cases were employee related.
Meanwhile, Computer Security
Institute/FBI studies report
increased incidents of unauthorized access to information and theft
of proprietary information. In addition, the research points out
that disgruntled employees posed a serious security threat and
inside jobs occur about as often as outside jobs.
Some security experts deem inside jobs as potentially more
dangerous to consumers than accidental losses of data or attacks by
hackers. Recently, two of the nation's financial institutions, Wachovia and Bank of America, notified
more than 100,000 accountholders of the possible theft of financial
records. The customers were the victims of bank employees with
access to valuable information, which they sold for $10 an
account.
So, why would financial organizations risk the security of their
data by not prescreening employees? Those that do not are setting
themselves up for potential problems in the future. The screening
should start right at the outset, by performing thorough
verification of references, experience, education and professional
qualifications at the hiring point. However, the screening process
should not end there. The prescreening process should also include
criminal and credit background checks and aptitude tests focusing
on bank, math and computer skills.
Probably the last thing a personnel manager wants is to add
another layer to an already overwhelming hiring process that
produces, if they are lucky, one out of four employees that are the
right fit for the organization. However, all it takes is one person
riding a bad streak or who suddenly decides to cash in an
information mother lode for the institution to have a serious
problem.
The Federal Deposit Insurance
Corporation (FDIC) recommends that to be effective, bank
management should establish written criteria for when
pre-employment background screening should be used and for
circumstances or positions that may warrant increased screening
procedures based upon the position and responsibilities associated
with a particular job. The sensitivity of the position or the
access level of an individual staff member may warrant additional
and ongoing background screening.
Many organizations shy away from investigating employee
backgrounds past the initial stages, for fear of offending their
staffs, but fraudsters constantly look for people inside to recruit
(someone with serious debt could be a ripe candidate for an
identity theft ring) or for people to place on the inside.
The problem is serious enough that the FDIC released guidance
recommending that financial institutions develop a pre-employment
background screening process to better assure a job applicants
credentials and personal history. "Obviously, positions that
involve access to sensitive customer information and large-dollar
transactions should require more in-depth background checks," the
document states. The FDIC suggests that every financial company
consider the following:
Use written applications
Many organizations now rely on standard employment applications,
rather than résumés. This allows companies to collect
information that is more objective and include a clause that states
untruthfulness or material omissions are grounds for termination.
In addition, the applicant can sign for and confirm the
informations accuracy.
Provide a Fair Credit Reporting Act (FCRA)
notice
Under the FCRA, an organization cannot request a credit report
until it discloses to the applicant, in a separate document, that
that the organization will request such a report. In addition,
institutions must also obtain the applicants written consent to
request a credit report.
Compare names against enforcement action
list
The federal regulatory agencies maintain listings of individuals
who have been assessed civil money penalties or who have been
permanently removed and/or prohibited from banking.
Consider fingerprint cards
Fingerprint cards sent to the FBI are compared against a criminal
database, and positive matches are reported back to the
institution.
Beware of regulatory penalties
The regulatory agencies prohibit financial institutions from
employing anyone convicted of any criminal offense involving
dishonesty or a breach of trust or money laundering.
Institutions that use contractors should also verify that they
use screening procedures similar to those used by the financial
institution.
An effective background screening process not only helps
financial institutions validate experience and background, it may
diminish turnover by authenticating that the potential employee has
the necessary skills, certification, license or degree for the
position, in addition to serving as a deterrent to theft and
embezzlement and preventing litigation over hiring practices.
Matt Johnston is CEO of Burbank, Calif.-based Workway, which provides
temporary, temp-to-hire and direct-hire employees to the financial,
technology and medical industries. He may be reached at (877)
496-7592.
