Economic Growth, Regulatory Relief, and Consumer Protection Act

Have you addressed the new provision in the Economic Growth, Regulatory Relief, and Consumer Protection Act that goes into effect on September 21, 2018?

Consumers have the right to obtain a security freeze

S. 2155 includes a new notice requirement that must be provided to consumers “[a]t any time a consumer is required to receive a summary of rights required under section 609.” Therefore, as of September 21, 2018, this new consumer notice (see below) should be sent whenever the consumer is required to receive a summary of rights under Section 609 (§1681g) of the FCRA (either the federal Summary of Rights notice or the “Remedying the Effects of Identity Theft” notice).

Cisive clients who utilize our onboarding portal with standard forms for delivery of the FCRA Summary of Rights need not do anything further, as we are making changes to comply automatically. If you have “customized” forms (logo, words, content, etc.), you will need to review the forms in the system and advise Cisive if you are changing them. Companies that manage their own pre-adverse/adverse process and deliver the FCRA Summary of Rights on their own should consult counsel and prepare to include the notice below when sending their Summary of Rights.

The notice required by the new provision that applies to any circumstance in which the consumer is required to receive a summary of rights under Section 609 is as follows:

You have a right to place a “security freeze” on your credit report, which will prohibit a consumer reporting agency from releasing information in your credit report without your express authorization. The security freeze is designed to prevent credit, loans, and services from being approved in your name without your consent. However, you should be aware that using a security freeze to take control over who gets access to the personal and financial information in your credit report may delay, interfere with, or prohibit the timely approval of any subsequent request or application you make regarding a new loan, credit, mortgage, or any other account involving the extension of credit. As an alternative to a security freeze, you have the right to place an initial or extended fraud alert on your credit file at no cost. An initial fraud alert is a 1-year alert that is placed on a consumer’s credit file. Upon seeing a fraud alert display on a consumer’s credit file, a business is required to take steps to verify the consumer’s identity before extending new credit. If you are a victim of identity theft, you are entitled to an extended fraud alert, which is a fraud alert lasting 7 years. A security freeze does not apply to a person or entity, or its affiliates, or collection agencies acting on behalf of the person or entity, with which you have an existing account that requests information in your credit report for the purposes of reviewing or collecting the account. Reviewing the account includes activities related to account maintenance, monitoring, credit line increases, and account upgrades and enhancements.

Should there be any question regarding this, please contact your client services representative at Cisive.

2018 Hot List for Background Checking Providers


Workforce Magazine just published their 2018 Hot List for Background Checking Providers.

The Hot List gives a good representation of some of the leading background screening providers in the industry, most of whom provide the majority of their services to the SMB market. If you look closely at the breakdown of the average number of screens per client, you’ll notice that Cisive’s average client screens more than 8,000 candidates annually – far exceeding any other vendor on the list.

At Cisive, we’re not one size fits all.  

Cisive works with many of the largest companies in the world, with more experience implementing large-scale, enterprise-level background programs than any other background screening provider.  We cater to the complex challenges and program needs of large enterprises which require a unique mix of class-leading technology and regulatory compliance, coupled with a relentless focus on customer service.

Cisive is the only background investigation firm that can boast one unified platform globally. All information and documents necessary and sufficient for running a background investigation in any country are provided electronically to the candidate.

Accuracy of information acquired is directly related to in-country procedures in gathering and storing information. Cisive’s services are conducted in strict compliance with applicable laws.

If compliance along with quality and accuracy are important in your background screening program, look no further than Cisive.  Call us today at 1-866-557-5984 for a complimentary Risk Assessment of your current background screening program.

Tools to Use to Mitigate and Identify Workplace Harassment


In the age of digital and social media, harassment isn’t confined to the office or during work hours. Harassment can take place on social media platforms. The U.S. Equal Employment Opportunity Commission (EEOC) recommends that workplace anti-harassment policies incorporate dealing with social media. Even if employees post harassing or derogatory information about coworkers away from the workplace, for example, an employer may be liable for a hostile work environment if it was aware of the postings, or if the harassing employee was using employer-owned devices or accounts. As a result, the EEOC found that “harassment should be in employers’ minds as they draft social media policies and, conversely, social media issues should be in employers’ minds as they draft anti-harassment policies.”

In our post, “How to Handle Harassment in the New Workplace,” we defined workplace harassment and explored how to handle violations in order to protect your employees as well as your company. Significant changes in technology over the past decade are having a profound impact on human resource policies, from screening candidates to monitoring employee activity on social media sites.

The Role of Social Media in Workplace Harassment 

There are a number of legal issues involved in using social media to draw conclusions about a potential job candidate or about an existing employee. In some states, it is illegal to access such information, while in other states employers could be accused of negligent hiring and negligent retention if they do not take necessary action after gaining information from social networking sites.

Social Media in Screening

SHRM’s 2016 survey, Using Social Media for Talent Acquisition—Recruitment and Screening, found that 84 percent of organizations are using social media for recruiting, that 43 percent are using it to screen applicants and that 66 percent are taking steps to leverage mobile recruiting to target smartphone users.

When recruiters use online search engines and social networking sites to screen job candidates quickly, easily and informally, they may pull up either a wealth of helpful information or very little, depending on how protective the prospective employees are of their online privacy. In spite of these risks and uncertainties, human resources is increasingly using the Internet as an HR tool.

For example, social media can provide a snapshot of applicants’ professional personas. Do they belong to professional organizations? What type of volunteer activities are they involved in? What type of other organizations do they align themselves with? Will they represent the organization well in the community?

Social Media Employee Monitoring 

Once a candidate becomes an employee, social media policies are now a must for today’s workplace. While employers don’t want employees feeling as if they are being “watched” 24/7, it has become necessary to prevent harassment. It’s also a delicate balancing act.

It’s important to understand that employers can be held liable for actions their employees take within the course and scope of employment. For example, if an employee posts false statements or rumors about a competitor or co-worker on Facebook, you might be exposed to potential defamation claims.

Currently, there are no specific federal laws that prohibit an employer from monitoring employees on social networking sites. You can install software on company computers that does this, or hire third-party companies to monitor online activity. But to maintain trust among your employees, you should develop a social media policy that clearly defines acceptable behavior and whether your company will monitor access and usage at work.

At the minimum, your social media policy should state that employee online behavior must not violate privacy laws, or be discriminatory, or defamatory. Your policy should also keep up with evolving federal and state regulations aimed at social media activity in the workplace.

Cautions When Disciplining Employees for Social Media Use Outside of Work 

Some states have laws that prohibit employers from disciplining an employee based on off-duty activity on social networking sites unless the activity can be shown to damage the company in some way. In general, posts that are work-related have the potential to cause the company damage. Anti-discrimination laws prohibit employers from disciplining employees based on age, race, color, religion, national origin or gender.

Off-duty employee conduct, such as social media posts, may also be protected under federal laws. As many employers have learned the hard way, the National Labor Relations Board (NLRB) may restrict an employer’s right to terminate an employee for posting disparaging comments on social media. You can also violate NLRB rules by maintaining overbroad social media policies if they prevent employees from discussing their wages or other conditions of employment.

The NLRB has issued a number of rulings involving questions about employer social media policies. The NLRB has indicated that these cases are extremely fact-specific and has provided the following general guidance:

  • Employer policies should not be so sweeping that they prohibit the kinds of activity protected by federal labor law, such as the discussion of wages or working conditions among employees.
  • An employee’s comments on social media are generally not protected if they are mere gripes not made in relation to group activity among employees.

Your employees can be great brand ambassadors on their own social sites as well as posting on company accounts and blogs, if they’re clear on what constitutes good online habits.

Ongoing Criminal Monitoring 

Continuous background criminal checks are required to ensure your company is protected — an initial background screen is no longer sufficient to prevent potential liability.

For ongoing monitoring related to criminal activity, employers should consider hiring a third party to conduct the search. Employers should determine what type of information is relevant to the job and instruct search firms to report only this type of information, thereby avoiding potential lawsuits related to information that is protected by law, such as religious or political affiliation.

Additionally, because the laws vary from state to state (and they change over time), a third-party firm specializing in criminal screening will save your company time in researching what is and what isn’t legal to report on, as well as what information may result in disciplinary action up to and including termination.

How to Identify and Mitigate Workplace Harassment 

Screening tools can be highly effective for mitigating and identifying workplace harassment.

Companies have valid reasons and effective social listening tools for monitoring employees’ social media activities, especially if they suspect wrongdoing. However, if companies are not careful, they can violate state or federal regulations or elicit lawsuits from employees. Human Resources already has its hands full, but ensuring its policy on social media and ongoing criminal screening is up-to-date is imperative.

According to SHRM, the role of the human resource management professional in managing workplace privacy is to facilitate the adoption of reasonable and effective practices that protect employees while minimizing the risk of employer liability. HR should ensure that the monitoring is narrowly tailored, that the need is supported by a legitimate business justification and that employees understand they have no reasonable expectation of privacy. Letting employees know that they will be monitored removes employees’ reasonable expectation of privacy — the element that often forms the basis for invasion of privacy lawsuits arising under common law.


James C. Owens
President and CEO

California Courts Change Contractor Test for Employers


A growing number of companies are opting to hire and employ contract and project-based workers in lieu of permanent employees for a number of reasons, including increased workforce flexibility and lower costs, including those for employee perks, training and benefits.

An Intuit report showed that contingent workers of all types (temporary employees, independent contractors, project-based gig workers and on-demand workers) make up 36 percent of the workforce, and are expected to reach 43 percent by 2020. Around 80 percent of large corporations plan to substantially increase their use of contract employees.

Relying on a contingent workforce invites some risk. Most notable is the government’s scrutiny of such relationships to ensure that these workers are truly contractors and not employees whose pay would be subject to various withholding taxes. Uber paid millions of dollars in settlements of class-action lawsuits from drivers who argued that they should be classified as employees and entitled to employee benefits.

The California Courts Legal Ruling

The most recent legal shakeup involves the state of California. In late April, in a ruling with potentially significant consequences for the gig economy, the California Supreme Court made it much more difficult for companies to classify workers as independent contractors rather than employees.

According to The New York Times, Dynamex Operations West, Inc. v. Superior Court could require companies like Uber, many of which are based in California, to follow minimum-wage and overtime laws and to pay workers’ compensation and unemployment insurance and payroll taxes, potentially upending their business models.

Industry executives have estimated that classifying drivers and other gig workers as employees tends to cost 20 to 30 percent more than classifying them as contractors. It also brings benefits that can offset these costs, though, like the ability to control schedules and the manner of work.

The primary change in California independent contractor law is the state requirement that adopts a modified “ABC” test for determining whether an individual is an employee under the Wage Orders. This new independent contractor test is modeled on Massachusetts’ independent contractor statute, which is considered the strictest in the country.

California courts and state agencies have long applied what is known as the “Borello test” for determining whether a worker was an independent contractor under the Industrial Welfare Commission Wage Orders. This flexible, multi-factor approach looked primarily at whether the hiring entity had a “right to control” the manner in which the worker performed the contracted service, along with eight other “secondary” factors, such as whether the worker was engaged in a distinct occupation or business, the skill required in the particular occupation, and whether the worker or the hiring entity supplied the tools used to perform the work and the place where the work was performed.

The New Three-Factor Test and Approach

Despite the Borello test being used for decades for Wage Order cases, the California Supreme Court rejected it in favor of a more rigid three-factor approach, called the “ABC” test.  Under this new test, a person will be considered an independent contractor only if the hiring entity can prove all three of the following:

(A) that the worker is free from the control and direction of the hiring entity in connection with the performance of the work, both under the contract for the performance of the work and in fact;

(B) that the worker performs work that is outside the usual course of the hiring entity’s business; and

(C) that the worker is customarily engaged in an independently established trade, occupation, or business of the same nature as the work performed.

It remains to be seen how California courts will apply this new independent contractor test, or if the standard or its application will be limited by federal law (like the Federal Aviation Administration Authorization Act, or FAAAA, has limited the standard in Massachusetts when applied to certain arrangements involving motor carriers of property). Regardless, companies should expect that it will be more difficult to prove that an individual was classified as an independent contractor under California wage and hour laws.

Although the California Dynamex court case only considered the relevant test for wage order claims, worker classification issues are relevant in many other contexts, such as tax, workers’ compensation, and wage-and-hour claims derived from a source other than the wage orders. This decision is a seismic shift for California wage and hour law and class litigation. The court now imposes a burden on businesses to defend their classification of workers as independent contractors. Misclassification of such workers can result in significant legal exposure with respect to wage and hour compliance.

For federal compliance, to properly classify a worker as an employee or independent contractor, carefully review the IRS’s guidance on contractor and employee designations prior to making a classification decision. Misclassifying a worker as an independent contractor can result in penalties as well as back pay for benefits and taxes. The IRS can help employers determine the status of their workers by using Form SS-8, Determination of Worker Status for Purposes of Federal Employment Taxes and Income Tax Withholding. IRS Publication 15-A, Employer’s Supplemental Tax Guide, is also an excellent resource.

Compliance Changes for California and Hiring Contract Workers

The new contractor test in California adds another layer to compliance. The new “ABC” standard is likely to place a heavy burden on companies with independent contractors in California. Companies that engage and hire contractors should involve their legal department or consult legal counsel to review the relationship with their contractors under the “ABC” test. Factor B, in particular, may be troublesome for any entity that uses independent contractors for its main service or product (such as delivery drivers hired by a delivery service company, cake decorators for a bakery, or at-home seamstresses for a clothing manufacturer).









Hiring and Recruiting in a Post-GDPR Era


Now that the EU General Data Protection Regulation (GDPR) is in effect (as of May 25, 2018) the time to be proactive has passed. Companies must now focus on compliance with the regulation, particularly in HR and recruiting, which rely heavily on candidate data.

GDPR Recruiting & Hiring Recap

To recap, the GDPR was designed as a replacement for the Data Protection Directive 95/46/EC with the purpose of reconciling country-specific and sometimes conflicting European data privacy laws. Most importantly, it aims at changing the way organizations operating in the EU, or those collecting personal data from EU residents, approach data privacy. It also provides a harmonization of the data protection regulations throughout the EU, in theory making it easier for American companies to comply. However, the new regulations mean it is now unlawful to use an EU resident’s data without his or her explicit consent.

It’s important to note that the GDPR isn’t just about companies who hire in the EU. It’s also about employers who are employing EU residents wherever they may live. The GDPR applies worldwide as to any company that offers goods or services (even if they are free) within the EU or collects, processes, or maintains (anywhere) personal data about European residents. Recruiters are going to need to restructure candidate engagement, sourcing and recruiting programs that focus on candidate data, recruiting and HR technology, and refocus on building compliant candidate and employee relationships.

How GDPR Impacts You and Your Recruitment Vendors and Technologies

From the application process to background screening, companies recruiting or employing EU residents must adhere to strict regulations with regard to data. Under GDPR, you are required to ask for explicit consent, clarify how you will use each individual candidate’s data, and make sure that the data remains secure. This involves more than simply adding a clarification and a checkbox to data collection forms. Your vendors – such as your ATS, payroll, and recruiting software – must also be GDPR compliant.

GDPR introduces direct obligations for data processors for the first time. Processors will also now be subject to penalties and civil claims by data subjects. This means that, if they haven’t already, it’s imperative that HR and recruiting leaders speak with their vendors and partners and understand whether they are taking steps to be compliant with GDPR.

Below is a short list of questions that you should ask your vendors and partners in relation to GDPR compliance. It’s imperative to confirm that your HR technology vendor is compliant with the new regulations, and to understand liability for violations and noncompliance.

  • Have their contract terms changed with GDPR?
  • What level of consent do you seek when applicants submit their data?
  • Process for storing, collecting, & deleting data
  • Timeline for auto deletion – circumstances & data type
  • What is the documented timeline for keeping data?
  • What processes exist to keep data up to date?
  • Have they appointed a data protection officer?

Do You Need a Data Protection Officer?

In relation to the last question above, Section 4 of GDPR outlines the requirement for applicable entities to appoint a data protection officer (DPO). According to Article 37(1), data controllers and processors shall designate a DPO where:

  (a) The processing is carried out by a public authority or body, except for courts acting in their judicial capacity;
  (b) The core activities of the controller or the processor consist of processing operations which, by virtue of their nature, their scope and/or their purposes, require regular and systematic monitoring of data subjects on a large scale; or
  (c) The core activities of the controller or the processor consist of processing on a large scale of special categories of data pursuant to Article 9 and personal data relating to criminal convictions and offences referred to in Article 10.

Most firms required to appoint a DPO would fall under subparagraphs (b) and (c). Article 39 outlines five minimum tasks that the DPO must perform:

  1. Inform and advise firms and employees who carry out data processing on applicable data protection provisions
  2. Monitor compliance with the GDPR, other data protection provisions, and additional internal data protection policies; this includes training and auditing
  3. Advise on data protection impact assessment (DPIA)
  4. Cooperate with the supervisory authority
  5. Serve as main contact for the supervisory authority

A word of caution: In many cases the business can be both data controller and data processor. However, because the GDPR makes the distinction, we’d like to consider the shared responsibility of both parties.

Companies that determine the means of processing personal data are controllers, regardless of whether they directly collect the data from data subjects. For example, a recruiter (controller) collects the data of its clients when they apply for a job, but your recruiting technology (processor) stores, digitizes, and catalogs all the information. These companies can be ATSs or full-suite recruiting software companies. Both organizations (controller and processor) are responsible for handling the personal data of these customers.

Recruiting Strategy Changes Post-GDPR

Because short-term recruiting programs, or what we refer to as “reactive recruiting,” will come at a price due to the GDPR, HR teams must focus on building candidate relationships and providing value for the long term. The value of building relationships, sharing information, and providing resources will be more important than ever in order to engage and recruit candidates.

Related: GDPR Compliance in the Background Screening Process

If you’ve already begun adapting your recruiting model to GDPR compliance, you’re probably ahead of other companies when it comes to compliance and hiring. The consulting firm Gartner estimates that more than half of the companies that are subject to the GDPR will not be in compliance throughout this year. They will be at risk.

If you’re in the half that is not yet compliant with the GDPR, consider it an opportunity to revamp your current practices and candidate outreach.

HR is already tasked with a lot of compliance responsibilities, many of which are not of its own making. It can be process-driven and this might be a great time to consider splitting the department into two areas: compliance (the processes) and HR (the human side), or clearly defining when to use technology, and when to put people back into the mix. With the right balance, HR teams can be more productive, more engaged, and use the human element to attract and retain top talent.

And yes, the GDPR is primarily about data. But it’s also timely to note that at the heart of appealing to candidates is that humans don’t want to BE data; but they do want more control over how their data is used. A phone call or personalized response can mean the difference between considering a role at your company or moving on for a candidate.

The solution to adapting your recruiting and hiring processes isn’t more technology; it’s better technology that has data compliance and support in mind. When it comes to GDPR in recruiting and hiring, your tech should not only comply with new regulations, but also support the broader mission of the recruiting and hiring side of your organization. This gives you the peace of mind on the compliance side allowing you to focus on improving your hiring processes and candidate quality.

When it comes to pre-employment and post-employment background screening, Cisive is GDPR compliant. If you are an existing Cisive client and have questions concerning GDPR compliance in your background screening program, please contact your Cisive Customer Service Representative. For those of you who have not yet experienced the benefits of Cisive and are interested in learning more, please call us at 1.866.557.5984.

Rob Jones
VP and General Manager
Global Executive Intelligence Division


Cisive will be exhibiting at UNLEASH America

Are you attending UNLEASH America?

Considering a change to your background screening provider?   Stop by the Cisive exhibit #210 at UNLEASH America and learn why many of the world’s largest companies trust Cisive to handle all of their employment screening needs.

Cisive has deep experience in serving the complex challenges and program needs of large enterprises and regulated organizations.   If accuracy and reliability are paramount in your candidate screening program, then look no further.

  • Ready for GDPR? At Cisive, we are prepared for GDPR and stand alongside our clients and assume responsibility for implementing and managing employee screening procedures in compliance with GDPR.
  • Making a change to your ATS?  No problem.  Cisive has partnerships and pre-configured integrations with all of the leading enterprise ATS providers.

So, if your current background screening provider is only good at making apologies, come meet us and learn about the Cisive difference.

Cisive to the Rescue!

Don’t forget to come by and pick up your Cisive First Aid Protection kit.

We hope to see you in Las Vegas!


Las Vegas, NV
May 15-16, 2018

How to Effectively Manage the Background Screening Process for a Growing Contingent Workforce

An Intuit report showed that contingent workers of all types (temporary employees, independent contractors, project-based gig workers and on-demand workers) make up 36 percent of the workforce, and are expected to reach 43 percent by 2020. Around 80 percent of large corporations plan to substantially increase their use of contract employees.

A contingent worker in the extended workforce may be engaged for a particular project or for a specific time period and paid by a third-party agency, such as a staffing firm, a Professional Employer Organization (PEO), or firms that specialize in managing extended workforces.

Between 2009 and 2012, according to the Bureau of Labor Statistics, the number of temporary employees rose by 29%. A survey of the 200 largest companies found that temporary workers represented, on average, 22% of their workforce, and that percentage is growing. Workers from all different industries (not just tech) are discovering that they’re able to be productive outside of the corporate office and without a long-term employer. And employers are finding that hiring contract workers increases efficiency and flexibility, plus they cost less and turn employment expenses into variable costs.

With this rapidly growing contingent talent pool, employers will need to adapt their screening processes. Contract freelancers have access to your software, your physical location and other valuable organizational assets. Whether it is a freelance graphic designer or a contract engineer for your growing IT department, your organization should do their due diligence.

These individuals are critical to the success of your organization and their numbers are growing, making it even more important to establish a background screening process for your contingent and gig workers. According to SHRM, the share of employers screening the contingent and extended workforce has nearly doubled in the last five years, from 48 percent in 2011 to 81 percent.

Where to begin?

1) Create a contingent workforce background screening process and flow for others to follow. This should include the agency or other business your company may use to hire contractors, whether temporary or contract-to-hire.

The same level of screening used for similar positions should be used for a position that is to be filled by a non-traditional worker or else the firm may be subject to allegations of disparate treatment of similarly situated people.

2) Transparency. Be upfront with your desire to do a background screen and include the language in any job postings.

3) Ensure compliance. Follow the Fair Credit Reporting Act guidelines. The fact that this background screen is for a gig worker and not a permanent employee doesn’t change FCRA compliance requirements.

Some states have passed laws requiring criminal background checks of gig workers such as Uber and Lyft drivers, and the EEOC announced that it would focus additional attention on the complex employment relationships in the emerging gig economy.

All of the rules of due diligence apply with equal force if a member of the extended workforce causes harm. Businesses can be liable if – in the exercise of reasonable care – they should have known that a member of the extended workforce was too dangerous, unqualified, or otherwise unfit for employment.

4) Communicate often. Just like candidates, your contractors are in demand, which makes the ability to move quickly important, along with ongoing communication. With the rapid growth of the contingent workforce, contractors have many opportunities to choose from; communication and transparency can make your company stand out.

Using screening technology that integrates well with HR systems and requires less effort from candidates will be a key step toward improving the user experience.

5) Measure and re-evaluate your process often. Is your process consistent? If you use an agency, what screening process do they have in place? And, most importantly, is the screening process creating a bottleneck for your potential contractors?

Employers should also consider using background screening providers that undergo an annual Service Organization Control, or SOC 2, audit from the American Institute of Certified Public Accountants to ensure high standards for the protection of privacy, security and confidentiality of consumer information used for background checks.

Finally, employers should subject any workers from the extended workforce to the same screening as would be done with a regular employee. A best practice is to have the same firm that performs the background checks on regular employees also perform them on the extended workforce.

Make sure that you are properly screening your prospective contingent workers, vendors, or independent contractors. Cisive’s vendor screening program helps companies ensure that contingent workers and vendors meet specified corporate standards relating to licensing, insurance, compliance, and other minimally acceptable personal and corporate standards.

To learn more about Cisive’s vendor screening program, contact us at 1-866-557-5984 or email

How to Find and Identify Fraud in the Hiring Process


According to the Federal Trade Commission, employment- or tax-related fraud — when a criminal uses someone else’s Social Security number and other personal information to gain employment or to file an income tax return — made up 34% of all fraud reports in 2017. It’s considered the most common form of data theft. Why? An increase in data breaches.

Candidate and Hiring Fraud Explained

Data breaches expose sensitive personal information, including SSNs, driver’s licenses, and medical and/or financial records, for millions of consumers. This, combined with advancements in graphics technology, has made it easier for a deceptive candidate to falsify a government-issued ID and assume another person’s identity.

The Identity Theft Resource Center collects fraud reports from consumers. According to its most recent data, the number of data breaches reported for 2017 was 1,579, a 45 percent increase over 2016. Businesses continued to suffer the majority of breaches, and more than eight times as many Social Security numbers were exposed in 2017 as in 2016.

Identity Fraud vs Resume Fraud

Identity fraud is more than simply exaggerating credentials on a resume. Identity fraud means that someone is using another person’s social security number, fake identification, and other personal information to obtain a legitimate job.

Resume fraud is shockingly common: two out of three employers have encountered an applicant lying on their resume. This type of fraud wastes expensive recruiting resources, denies job opportunities to qualified applicants, and can expose a company to potential employee fraud and brand damage down the road. However, resume fraud is easier to detect than identity fraud. Most background check providers can verify specific details like an applicant’s degree, graduation date, job title, and salary.

When an identity thief uses a victim’s name and social security number to gain employment, the employer reports the wages to the IRS for income tax purposes. When the IRS discovers employer-reported wages from both the thief and victim, there is a mismatch with what the victim filed and it appears they didn’t report all of their wages. This type of fraud is much more difficult and time-consuming to detect, and often takes months or years to catch. It’s also a lot more prevalent than you’d think.

A 2017 report from the Treasury Inspector General for Tax Administration found the IRS failed to identify 497,248 victims of employment-related identity theft, even though criminals electronically filed tax returns with evidence showing they used the victims’ Social Security numbers to gain employment.

How to Prevent Identity Fraud in the Hiring Process

Don’t Skip the Background Check

Even the most convincing looking documentation could easily be fake, and if you’re taking any credentials or documents at face value, you might already be at risk. The more sophisticated the fraud and the higher the position, the more damage and cost there is likely to be, and it’s significantly harder for the authorities to catch someone if they have no idea who they are chasing.

Background checks can be an excellent resource to help find red flags that may indicate false documentation. These kinds of checks can be even more telling when information isn’t found, such as missing employment history, lack of social media presence, and so on. Criminal background checks are also necessary, but a good identity thief will likely pass with flying colors.

Identity-Based Detection

Identity-based systems can help detect employment fraud. They expand fraud detection significantly beyond the traditional rules-based system by accessing national repositories of identity information.

Identity-based detection is powerful because it does not treat self-reported data as the truth. For example, a common rule in many rules-based filters is to match the name, SSN and address from the presented information with the name, SSN and address on file. This rule ensures that an applicant’s self-reported data aligns with the other information held by the agency. But matching data does not confirm an individual’s eligibility. Because this type of fraud takes so long to detect, common fraud schemes may involve fabricated or false identities that have been nurtured through multiple filings over the course of years.

Where Technology Comes In

Recruiters rely heavily on technology, and so do job applicants. In fact, the very thing that streamlines the online job application process is the same thing that makes it easy to use stolen identities to apply for jobs. One of the newest technologies available to the private sector is identity verification with biometrics.

Biometric recognition technology relies upon the physical characteristics of an individual, such as fingerprints, voiceprint, pattern of the iris of the eye and facial pattern, in identifying an individual, offering positive identification that is difficult to counterfeit. This will also increase traceability of nefarious individuals or stolen identities.

Facial recognition is an automated method to record the spatial geometry of distinguishing features of the face. Different methods of facial recognition among various vendors all focus on measures of key features. The advantages to facial recognition include the use of commonly available technologies, such as phone cameras, no contact required, and it’s easy for humans to verify results. It’s also recordable, as the characteristics of an individual cannot be collected without their consent.

Many companies offer some sort of identity authentication for the hiring process, but biometrics is still new to the private sector. Companies like Cisive have gotten ahead of the game and offer the Human Resource industry’s first identity authentication solution. IDVerity™ is a state-of-the-art technology that forensically authenticates a candidate’s identity by validating the authenticity of their government-issued ID and comparing it to the candidate’s self-photograph taken on their mobile device.

The solution combines artificial intelligence (AI) technology including ID verification that authenticates the ID and identity verification using biometric facial recognition, liveness detection and live verification experts, to provide a complete solution to verify the real-world identity of a candidate. The balance of AI and human review is a critical component to keeping employers globally compliant.

All employers need to guard against insider threats, especially those perpetrated by persons using a fraudulent identity.

To learn more about Cisive’s IDVerity solution or to request a demo, contact us at 1-866-557-5984 or email



David Hair
Product Manager, Cisive

How to Handle Harassment in the New Workplace



In the era of #MeToo, the subject of workplace harassment is a complicated one. It’s no longer enough to have an open door policy or a 1-800 number to anonymously report concerns. Companies must take deliberate measures in order to educate, train, and anticipate how workplace harassment might happen, how to conduct the employee investigation, and the different ways in which incidents might occur and how they should be handled.

Workplace harassment isn’t just sexual harassment. In fact, in the era of technology, social media, and electronic communication, workplace harassment isn’t limited to office behavior like bullying, snide comments, or cold stares. Behavior that creates a hostile work environment can impact employees who work remotely if the harassment takes the form of online trolling or abuse. In this post, we’ll define workplace harassment and explore how to handle violations in order to protect your employees as well as your company.

James Owens, President and CEO

Defining Workplace Harassment
In the United States, Canada and in some European Union Member States, employers are responsible for providing their employees with a work environment that does not discriminate and is free of harassment. According to the United States Department of Labor, there are two basic types of unlawful harassment.

(1) Quid Pro Quo Harassment (“This for That”)
Quid pro quo harassment generally results in a tangible employment decision based upon the employee’s acceptance or rejection of unwelcome sexual advances or requests for sexual favors, but it can also result from unwelcome conduct that is of a religious nature. This kind of harassment is generally committed by someone who can effectively make or recommend formal employment decisions (such as termination, demotion, or denial of promotion) that will affect the victim.


  • supervisor who fires or denies promotion to a subordinate for refusing to be sexually cooperative;
  • supervisor requires a subordinate to participate in religious activities as a condition of employment;
  • supervisor offers preferential treatment/promotion if subordinate sexually cooperates or joins supervisor’s religion.

(2) Hostile Work Environment Harassment
A hostile environment can result from the unwelcome conduct of supervisors, co-workers, customers, contractors, or anyone else with whom the victim interacts on the job, and the unwelcome conduct renders the workplace atmosphere intimidating, hostile, or offensive.

Examples of behaviors that may contribute to an unlawful hostile environment include:

  • discussing sexual activities;
  • telling off-color jokes concerning race, sex, disability, or other protected bases;
  • unnecessary touching;
  • commenting on physical attributes;
  • displaying sexually suggestive or racially insensitive pictures;
  • using demeaning or inappropriate terms or epithets;
  • using indecent gestures;
  • using crude language;
  • sabotaging the victim’s work;
  • engaging in hostile physical conduct.

When Harassing Conduct Violates the Law

First, unlawful harassing conduct must be unwelcome and based on the victim’s protected status. Second, the conduct must be: subjectively abusive to the person affected; and objectively severe and pervasive enough to create a work environment that a reasonable person would find hostile or abusive.

Whether an instance or a pattern of harassing conduct is severe or pervasive is determined on a case-by-case basis, with consideration paid to the following factors: the frequency of the unwelcome discriminatory conduct; the severity of the conduct; whether the conduct was physically threatening or humiliating, or a mere offensive utterance; whether the conduct unreasonably interfered with work performance; the effect on the employee’s psychological well-being; and whether the harasser was a superior within the organization.

Hostile work environment cases are often difficult to recognize, because the particular facts of each situation determine whether offensive conduct has crossed the line from “ordinary tribulations of the workplace, such as the sporadic use of abusive language… and occasional teasing” to unlawful harassment.

What You Can Do to Limit Harassing Conduct

The most effective way to limit harassing conduct is to treat it as misconduct, even if it does not rise to the level of harassment actionable under the law. The goal of any workplace policy is to eliminate harassment before it becomes severe and pervasive enough to violate the law. A well-constructed and well-implemented plan within an organization may stop inappropriate conduct before it creates a problem for individual employees or the company. Below is a list of steps you can take right now to ensure your company is compliant with harassment laws and to make it easy for employees to report incidents without fear of retribution.

1) Make sure your policy is up to date and that all employees have reviewed it, acknowledged it (via document signature), and are aware of any updates or changes to the policy as soon as they occur. Update and reissue the policy statement every year, and provide training every year. Obtain a signed acknowledgment form from every attendee indicating she understands the company policy against harassment and retain signed acknowledgments in employment files stored in the human resources department.

2) Provide ongoing training for managers and employees. An effective presentation is made up of three pieces: a review of the basics, real-world harassment scenarios, and a chance for participants to interact and share their ideas. Even if you feel like your participants have a good grasp on harassment basics, it’s important to build your presentation around familiar terms and concepts. Never forget to cover things like the definitions of quid pro quo, hostile work environment, retaliation and other well-known harassment terminology. For most supervisory employees this will be review. The key is to give them a chance to apply their knowledge.

See more at How to Design an Engaging Workplace Harassment Training.

3) Establish a variety of reporting channels, such as an anonymous 1-800 number, a form on your employee portal, or a generic email address like that makes it easy and provides employees an opportunity to feel more comfortable to talk to HR about the harassment that is happening, whether it’s to them or someone they know in the workplace.

4) All complaints should be investigated thoroughly, providing a standardized process for the person filing the complaint to follow up, even if the complaint is made anonymously. Management must take prompt, remedial action to investigate and eliminate any harassing conduct. Note that several litigated harassment claims include allegations that an employer sat on a complaint without fully investigating it. All information should be maintained on a confidential basis to the greatest extent possible.

5) Investigation records should be kept and quarterly reviews should take place to determine if a pattern of behavior or harassment exists. From SHRM: “If an investigation results in a finding that this policy has been violated, the mandatory minimum discipline is a written reprimand. The discipline for very serious or repeat violations is termination of employment. Persons who violate this policy may also be subject to civil damages or criminal penalties.”

6) Don’t forget harassment outside of work. In the age of digital and social media, harassment can happen on social media platforms. The U.S. Equal Employment Opportunity Commission (EEOC) recommends that workplace anti-harassment policies incorporate dealing with social media. Even if employees post harassing or derogatory information about coworkers away from the workplace, for example, an employer may be liable for a hostile work environment if it was aware of the postings, or if the harassing employee was using employer-owned devices or accounts. As a result, the EEOC found that “harassment should be in employers’ minds as they draft social media policies and, conversely, social media issues should be in employers’ minds as they draft anti-harassment policies.”

7) Use your background screening process to help spot possible offenders during the hiring process. While criminal history searches will identify known criminal offenses, there are also other ways to help uncover potential risk. Consider adding employment verifications, reference checks, professional credential checks and social media searches to your current background screening program.

Employment verifications can help uncover whether the candidate has ever been released for harassment in the past. Reference checks provide you with subjective information about an applicant. If there have been problems with harassment in the past, it will likely continue. Should the candidate’s position require a license(s), then a check of the license(s) may identify previously identified violations and/or sanctions.

In addition, Social Media searches can also help companies who are concerned with harassment and mitigating risk. A combination of artificial intelligence, machine learning, and human-based quality assurance automatically highlights red flags in your candidate’s social media activity which may reference aggressive or violent acts, bigotry, unlawful activity, illegal drugs, discriminatory or sexually explicit activity, or any “custom risk” you feel may have a negative impact.

Note that this post is intended to provide resources and information; it should not be construed as a legal document, nor has it been reviewed by legal counsel. Employers should review federal and state anti-harassment provisions before implementing any new anti-harassment policy.

The Impact of the Extended Senior Managers Regime on Screening Requirements

The Senior Managers Regime (SMR) is part of the UK financial regulation introduced by the Financial Conduct Authority (FCA) and Prudential Regulation Authority (PRA) and is aimed at increasing personal accountability of senior level people in the financial services industry. The SMR was initially implemented in the banking sector after the 2008 financial crisis, considered the worst economic crisis since the Great Depression. The SMR’s purpose is to reduce consumer risk and strengthen market integrity by holding financial services managers in senior positions accountable for their conduct and competence. The SMR covers both domestic and international firms with UK operations.

The FCA’s expanded scope of SMR requirements will go into effect May 2018, and extends beyond the banking industry to include insurers and solo-regulated firms. Some facets of the current banking regime will also be affected. This will significantly increase the number of firms required to comply and bring an end to the current Approved Persons Regime (APA).

Individuals working in a ‘Senior Management Function’, as defined by the FCA, must be approved by the FCA before taking on the responsibilities of the role. In addition, firms will need to ensure the suitability of the Senior Manager by completing a ‘fit and proper’ assessment.

As a result, firms need to certify at least annually that senior managers are suitable to perform their job functions. It is proposed that firms should perform criminal record checks for each Senior Manager and obtain a ‘regulatory reference’ from the Senior Manager’s previous firm.

At Cisive, we are experts in the specific risks and regulations that apply to regulated industries. For many years, we have provided tailored solutions to meet the unique requirements of our financial services clients.

In 2017 we opened an international operations centre in London, England to manage our global screening business. We recognize the specific challenges that our clients with a UK presence face, from managing Brexit contingency planning, to implementing General Data Protection Regulation (GDPR) compliant procedures, dealing with MiFID 2, in addition to preparing for SMR changes.

At Cisive we are prepared for the extended SMR and GDPR regulations and will contractually support you as a data controller in the background screening process. As a data controller, we will stand alongside our clients and assume responsibility for implementing and managing employee screening procedures in compliance with GDPR.

Cisive has rolled out a suite of SMR specific screening solutions to help ensure efficient and effective application of the new regulations. Our Senior Manager Regime solution includes:

  • Digital, touch-free inbound and outbound Disclosure and Barring Service checks for basic and standard disclosures
  • Continuous criminal monitoring service
  • FCA ‘fitness and propriety’ package
  • Regulatory reference regime compliant service
  • Education and employment checks performed by our UK-based team
  • Full GDPR compliance and indemnification

If you are a financial services institution providing financial services in the UK, any and all employees considered senior decision makers fall under the scope of the new regulation.

With more than 40 years of experience, Cisive offers the most efficient and effective solution for the financial services industry.

For more details or to further discuss how Cisive can help your organization meet the extended requirements of the GDPR and Senior Manager Regime, please contact us at +1 866-557-5984 or email



Rob Jones
VP and General Manager
Global Executive Intelligence Division