While the possibility of hiring someone who may pose a direct criminal threat can seem rare, the latest figures from the fraud prevention service CIFAS remind us just how serious a threat insider fraud is to UK businesses and highlights the importance of developing an ongoing employee screening strategy.

CIFAS figures show that employee fraud increased by 45% in 2009. Similarly, the latest KPMG ‘Fraud Barometer’ shows a major increase in fraud by managers and employees with cases worth £567m in 2009, compared with £229m the year before. The CIFAS report also revealed a 113% increase in cases of unlawful obtaining or disclosing of personal data, indicating organised criminals planting insiders within organisations or bribing or threatening existing staff to reveal information.

Why conduct regular screening?

Many organisations now routinely carry out pre-employment screening and while this helps to mitigate risk at the recruitment stage, it can also create a false sense of security. An employee might start their career with a company with a clean background, however there is no guarantee that this will remain the case.

But it’s not just about insider fraud. Employers also have a duty of care to ensure that employees meet the required standards of the job and that they don’t pose a danger to themselves or others. Failure to spot a potentially dangerous employee through lax monitoring or a lack of ongoing screening could have legal, financial and reputational consequences for an employer.

Understanding the legal implications

Ongoing screening or re-screening strategies are still relatively new in the UK. Not surprisingly, organisations have been cautious in approaching this issue because to be successful, they need to make sure they walk a fine line between addressing legitimate business and security risks and not alienating employees along the way.

As with background checks at the pre-employment stage, existing employees have to give their permission to have their background screened in line with the Employment Practices Data Protection Code. It is important to ensure that the level of re-screening - and the specific checks carried out - is proportionate to the threat and confined to the requirements of the job. Similarly, employers who use social networking sites to gather information about their employees might find themselves in breach of the Data Protection Act.

Communicating an ongoing screening strategy

Employees are much more likely to engage if they understand why a refresher screening process is in place and what their own responsibilities are in relation to this. Being clear and transparent about the organisation’s motives can really help to avoid negativity and minimise employee concerns. It is also vitally important that employers demonstrate a commitment to employee confidentiality by outlining who will have access to the checks, how they will be stored and so on.

The role of line managers

Line managers can also play a key role in this process and are often in the best position to identify any changes in employees or behaviours of concern. But it’s also about placing responsibility on the employees themselves. Making it a requirement for people to disclose, to their line managers, any change in their status since they first commenced employment with the company can help to achieve this. It also puts the onus on the employee to raise any potential issues that may result from a re-screening check and therefore prevent any surprises that may be uncovered.

How regularly should employees be re-screened?

Ideally, all employees should be re-screened on a regular basis, at least every 12-18 months. In order to minimise the costs associated with an ongoing screening strategy, organisations might consider refresher screening or periodic checks on a random sample of the existing employee population rather than blanket screening of the entire workforce. This can either be done annually or over a longer period, such as every three years.

Dealing with negative feedback

When an employee’s honesty and integrity is called into question as a result of a background check, a thorough and formal investigation to properly assess the risk they pose to other employees and the organisation should be conducted before making any rash decisions.

In summary, regularly screening existing employees enables organisations to gain an insight into the background of their workforce, ensures that they fulfil their contractual obligations and at the same time mitigate the risks associated with a bad employee.

Ongoing background screening checklist

Do....

• Make sure you get their consent and fulfil contractual obligations
• Be clear and transparent with employees to get buy in to a re-screening programme
• Use a third party to cut costs, relieve administrative burden and ensure compliance
• Ensure you have a documented policy on how revealed detrimental information will be managed

Don’t ...

• Use social media to check up on staff – it’s not reliable and may be in breach of data protection legislation
• Jump to conclusions – deal with the information appropriately and carry out a thorough investigation before taking any formal action
• Store the screening report for longer than is necessary in line with the Data Protection Act
• Miss the opportunity to make background screening positive – emphasise to staff that checking is not just for the protection of the company, but for the protection of all employees

Fiona Dawson is head of product at Experian Background Checking looks at how to develop an ongoing background screening strategy and minimise employee risk over the longer term