If the FCRA is the granddaddy of all the laws and regulations regarding background checks, the EEOC’s 2012 background screening guidance is probably the great-uncle that you really need to get to know better.
Since 1987, the EEOC has noted that minorities in the U.S. are more likely to have a criminal record, and that facially neutral background screening policies of not hiring anyone with a criminal record may have a disparate impact on these minorities. (In laymen’s terms: these policies have a tendency to be racist, even though that wasn’t the intention.) For more than 30 years, they’ve held the position that it is unlawful for employers to have a screening policy that disproportionately affects minorities unless there is a valid business reason for the policy.
Specifically, the EEOC’s policy states that if an employer’s screening policy disproportionately affects minorities, then to prove that a hiring decision is based on business necessity, the employermust show that it considered these three factors :
- The nature and gravity of the offense or offenses;
- The time that has passed since the conviction and/or completion of the sentence; and
- The nature of the job held or sought.
With the rise of the prevalence of background checks, the 2012 guidance reaffirmed the EEOC’s 1987 position and provided assistance to businesses on how to ensure that their checks considered these factors and were consistent with business necessity.
Compliance comes down to 7 key steps.
Step 1: Document your overall approach to background screening.
Your goal is to address your business concerns, your policy, and your procedures in writing. The key is to make it clear exactly what you’re doing.
Step 2: Per position, identify licenses and legal barriers.
This part can be a little tricky. As far as the EEOC is concerned, Title VII supersedes local and state regulations. This means that, if you fall under the EEOC’s jurisdiction, having a policy that disparately affects minorities simply because the state requires you to have that criminal screening policy will get you in trouble (Don’t believe us? See Waldon v. Cincinnati Public Schools). On the other hand, if the regulation comes from the federal government, that supersedes the EEOC’s statutes.
So, with this in mind, the federal restrictions can be added to the job description. State, local and industry requirements will require a bit more thought. For each of these, determine whether it is job-related and consistent with business necessity. If the state had a good enough reason to pass a requirement into law, you will probably find that the requirement is both job-related and necessary for your business, regardless of what the state thinks. If so, add these to the job description as well – and if not, get legal advice!
Step 3: Per position, identify risk and mitigation.
For each position, you should identify what risk an employee with specific kinds of criminal history can actually pose in a given position, and what mitigation is naturally built in to the position. So, if your concern is an employee stealing money, you have to ask yourself how much access they will have to the money, and then how much of it is unsupervised. You may want to use a scorecard for each position to capture your level of risk and mitigation. The EEOC will expect at least some documentation of this process. The positive description of the required behavior should then be added to the job description (e.g. “must be able to appropriately and safely handle confidential information”).
Step 4: Group positions.
For this step, you’ll want to group positions that have similar risk profiles – similar regulation, similar risks, etc. Because your evaluation of risk and mitigation can only be approximate, it makes sense to group together positions that are roughly similar, even if they are not exactly the same. For example, a big box retailer might reasonably conclude that the same regulatory requirements and business risks exist for everyone working in its stores, with the exception of its pharmacy (where employees have access to drugs and medical information) and the store manager (who has much wider access to security systems).
Step 5: Identify checks to run and disqualification criteria per group.
Because the groups have similar positions with similar risks, you run the same checks and use the same disqualification criteria within each group. The checks that you select should meet the regulatory requirements and identify employees posing the business risks that you previously identified for the group. The disqualification criteria you create should meet the regulatory requirements and reduce the business risks that you previously identified. Once you identify the checks to run and the criteria you will use to evaluate them for all groups, then go back and compare them to the scorecards you used to evaluate where your risk is across the groups. Generally, the less risk your scorecard identifies, the fewer the checks, the shorter the periods post-conviction for which you exclude applicants shorter, and the higher the severity of the offense. Put another way, you shouldn’t have a group with a lower risk score have more stringent screening criteria.
Step 6: Notify applicants of potentially disqualifying information (Adverse Action).
The EEOC guidance strongly urges you give applicants the opportunity to submit additional information to show that they do not pose a level of risk that your policy identifies as unacceptable. The Fair Credit Reporting Act already requires you to provide applicants with a copy of their report and an opportunity to dispute its accuracy with the background screening agency before you take action on it. The FTC has decided that 5 business days is a reasonable time to wait for a dispute. The simplest way of administering the EEOC’s “individualized assessment” process is to make sure that your pre-adverse-action process includes an opportunity for the applicants to submit information directly to you, asking you to not apply your background screening policy to them.
Step 7: Consider applicant-submitted information.
This goes back to the individualized assessment mentioned in step 6. If an applicant takes the opportunity to provide information and ask for an individualized assessment, you need to consider it – no matter what the evidence is. The EEOC lists the factors you should consider, but you can also consider other factors that you believe are important. The key here is to have the mechanisms in place to conduct a review of anything that the applicant submits, and to ensure that you do not simply repeat the application of your disqualification criteria. It is also important to take steps to prevent disparate treatment of applicants (e.g., intentional racism); for that reason, most companies instituting this process are taking steps like having multiple reviewers.