The Emergence of Infinity Screening to Mitigate Risk

The practice of conducting employment background screening has been around a long time and has become ubiquitous that it is inexplicably tied to the employment hiring process. It is estimated that more than 90 percent of all businesses and organizations conduct some form of pre-employment background check.

Yet, we see change coming to background screening: it’s infinity screening, which is the process of conducting background checks on current employees on a periodic or on-going basis to stay informed about life changes that could create increased risk for your organization. The terms infinity screening, continuous screening, reoccurring screening and post-hire screening are synonymous and are used interchangeably.

We originated the term infinity screening in 2006 when the data base technology for being able to conduct on-going or reoccurring screening emerged. We saw the “handwriting on the wall” and that the die had been cast for significant change to occur in the background screening process. It has been a slow and arduous journey, but every year more and more firms are moving to conducting infinity screens. HireRight, a leading background screening firm, reported in their 2015 Annual Benchmark Report that 46 percent of their survey respondents were conducting re-occurring background checks, up from 32 percent in the 2014 Benchmark Report.

Infinity screening is taking hold because employers are beginning to learn and understand that pre-hire detection of problem behavior is not enough to forestall or foretell future bad behavior that creates risk for an organization. It’s no surprise to any experienced manager that at the core of risk and threats to businesses are the people they employ. Employees account for a significant portion of risk including:

Theft or embezzlement
Identify theft
Industrial espionage
Data breaches
Reputation damage
Workplace violence

Along with understanding the reality of the risk and threat associated with hiring people, the technology that enables continuous screening to happen real-time has continued to progress as well. With the advent of cloud computing, the capabilities have leaped forward.

Rather than scanning one time, or on a regular schedule of intervals (such as every few years), organizations now have the power to perpetually evaluate risk post-hire as life events and identity data evolve. Using personnel risk assessment technology in a continuous screening model, sophisticated analytics can be unleashed to assess risk factors in real-time and proactively alert managers to potential issues before they escalate. A shift to continuous post-hire monitoring for the latest actionable information is now possible.

Technology also helps organizations visualize threats and prioritize based on various factors, which can be customized for industry. For instance, the transportation industry may weight a “driving under the influence” (DUI) as a riskier trait than the finance industry, whereas the healthcare industry views delinquent payments as a bigger problem. Each industry faces its own unique challenges in meeting regulations and mandates, but a continuous screening platform can help organizations make sense of it all.

One example of a company using a software program to continuously check public records for everything from DUIs to bankruptcies, and alert officials when something happens to an employee that creates a potential risk. A company official shared, “If you go out and get a ticket for jaywalking, we don’t care, [however,] if you’re working in financial markets we may want to know about liens, judgments, civil actions that could indicate someone is in financial trouble and more likely to do something wrong.”

Before this same company began using the continuous monitoring software, they performed an initial background check when a person was hired, and followed up with checks every three years after. By monitoring public records across the country, they are now alerted when a worker is arrested or convicted for an offense that would trigger concern for the employer, saving time and money by not having to conduct screens on workers who have no change in their status. “We re-screen only those who indicate to us through alerts that we need to look deeper,” he said. “The alerts find needles in haystacks for us.”

Alerts helped identify three workers who had died, uncovered a first-degree murder conviction for one worker and exonerated another worker whose brother had stolen his identity and was arrested.

Before the firm began checking public records, they wouldn’t have screened any of those people until they came back up on their periodic check.

Another case further illustrates the impact of using a continuous screening model on the ability to make pro-active informed decisions. Note the name of the actual firm in the case has been changed.

The “Acme XYZ” company identified the following risk they were concerned about and wanted to find ways to mitigate these issues:

Acme is bound to background screening standards that are based on the Department of Homeland Security (DHS) and Transportation Administration (TSA) lists of Disqualifying Criminal Offenses; in addition to the Fair Credit Reporting Act and the guidelines set by the Equal Employment Opportunity Commission (EEOC).
Acme is required to conduct pre-screening and rescreening upon every three-year anniversary of more than 30,000 employees.
Acme is concerned that their current background screening requirements, as well as the process do not provide consistent, timely and accurate risk assessments per employee. Significant changes may occur during a three-year period which may impact the risk profile and ultimately impact employment eligibility. More frequent traditional background checks are cost prohibitive.
Acme has a policy requiring employees to self-report violations of their policies or significant life events, however, based on analysis of policy results the reporting policy is deemed ineffective.

The company implemented a trial of a ‘‘continuous monitoring service’’ that conducted continuous screening of their workforce and the outcomes produced are listed below.

During the initial three-month period that the company used the continuous monitoring service, more than 800 identity changes were identified, of which there were 24 actionable alerts that had the potential to disqualify the noted persons from continued employment in a sensitive position.

The following is a list of the actionable alerts received during the initial three months which were deemed disqualifying upon actual investigation.

Bookings/ Arrest

(1) Criminal possession, with intent to sell 10 lbs. marijuana

(3) Unnamed offenses

(1) Drug related, intent to sell

Criminal-State

(1) Criminal possession of stolen property

(1) Criminal possession of controlled substance

(1) Criminal possession of a weapon

(1) Robbery 2nd degree

(1) Assault 1st degree

(1) Injury/risk of injury to minor – sexual nature

(1) Felony possession of controlled substance

(2) Receiving stolen property

(1) Endangered welfare of a child; photo sexual act

(1) Unnamed offense

Recorded Death

(3) Death

Sanctions

(4) Prohibition from working on NJ Government Contracts

Sex Offender

(1) Multiple sexual offenses

The level of risk associated with the “actionable alerts” clearly depends on the nature of the work and sensitivity of job that is being performed, however, having the information positions the employer to be able make an informed decision as oppose to getting blindsided by negative information.

These examples illustrate the true value of using a continuous screening model and shows how real time alerts can provide actionable information. Armed with this level of specific information, enterprise security managers are positioned to make decisions on how to best reduce or mitigate the risk when derogatory information is discovered about an employee.

It should be noted that it is important that firms using continuous screening understand that identifying derogatory information on an employee does not mean automatic termination, and should simply be grounds for an investigation to ensue. This is where an individual assessment is very important, and all the relevant information needs to be examined, starting with is there a nexus between the negative information and the nature of the work being performed?

For example, the alert identifies that an employee has been convicted of robbery and their job is parking cars. It’s a clear nexus between the two and finding the employee another position or termination might be in order. Whereas, an employee convicted for possession of child pornography that works on a manufacturing production line would be a steeper hill to climb in showing a nexus between the two, despite how much disdain you might have for the wrongdoing. The point being is that each case must be handled based on the unique circumstance and variables that are relevant to the situation, and above all, avoid blanket policies.

It is also strongly recommended that before you take any actions be sure to get your Human Resources personnel involved and consult your company attorney. Managing employee situations and possible adverse actions have many more nuances involved versus when you are dealing with an external applicant.

Infinity screening takes background screening to another level and turns it into a real time information gathering threat management and risk mitigation tool.

Ransomware and the propulsion of the extortion economy has rapidly eclipsed into a national priority. Recently, we observed the catastrophic impact of a widescale ransomware attack impacting gas pipelines and raising national gas prices overnight.

How can security leaders charged with investigations handle the management of interviewers and interrogators, as well as handle interviewing, including dealing with false confessions and misleading information?