Background Checks for the Legal Industry
More than 30% of candidates’ resumes have some form of discrepancies and in some countries this figure can be even higher. This warrants a thorough background check on legal professionals and other staff before hiring and engaging them.
Character reference checks with the references given by the candidates are pointless to a certain extent and though HR or Talent Acquisition leaders acknowledge this, they still continue this age-old practice. Personal references are even more limited in value as these opinions can’t possibly add any useful insights into the candidate’s work capabilities. Friends will “pay it forward” in exchange for similar “favours” in future. This is exactly why some of the endorsements and recommendations on LinkedIn have started to lose popularity in Asia. If the reference checks are done with the Candidate’s previous employer(s) and more precisely his/her supervisors, then this becomes a more valuable exercise. The check should have detailed parameters covering the various skill-sets required for the role.
Some industries such as the Banking-Financial Services-Insurance industry have very stringent requirements when it comes to background checks and due diligence checks. There are several considerations and capabilities background screening vendors (we will refer to them as BGS Vendors in this article) need to have in place to be able to serve the regulatory segment. This article is written based on the author’s experiences gained whilst working with international law firms.
Regardless of whether organisations use head-hunters or acquire talent themselves, character reference checks should be replaced by a thorough background check consisting of employment details and employment performance. Legal organisations need to acknowledge the insufficiency of character reference checks and migrate to the detailed checks. This will ensure that Candidates of the highest “integrity” are employed. Adding to this, BGS Vendors are also able to conduct the following:
- Criminal related checks: Criminal check, Civil Litigation check, Adverse media check, Global Sanction check and Identity check.
- Finance related checks: Credit, Financial regulatory and Bankruptcy checks.
- Social Media Checks
Understanding Different Types of Checks for Different Roles
Not all background checks need to be conducted on all roles as the risks associated with the roles vary. Each legal organisation might have its own policy based on its risk management policy. We have seen legal organisations mainly order the below checks on individuals (though it varies case to case):
- Employment details and performance
- Education and Professional Certificates
- Civil Litigation, Criminal Checks
- Global Sanctions and Watchlist
- Conflicting Directorships
- Social Media Checks
The scope of each of the checks can be found here.
Processes and Documentations to be in Place
To serve legal industry, BGS Vendors need to have minimum standards in the below-mentioned areas. This list is not exhaustive.
- Legal Clients’ data and their candidates’/employees’ confidential data should be housed in a highly secured environment as any lapse in security will yield huge consequential damages. The server farm holding the data should preferably be compliant with ISO27001/02 Information Security Management System (ISMS) Standards.
- IT security needs to be air-tight. This includes logical/access security, cyber security, information security and network security. All the machines including laptops and desktops should be protected to avoid any cyber-security breaches.
- The operations centre where the BGS Vendor’s researchers function should have a fully documented Business Continuity Plan and Disaster Recovery (BCP/DR) policy framework. Test results should be made available. There should be high standards of physical and administrative security processes in place too. For example, the centre should be completely paperless and the staff should not be able allowed to bring phones or cameras or storage media that may facilitate capturing of sensitive data.
- An Audit Report of the BGS Vendor’s operations should be made avail to the Legal clients.
- If there is an application used by Legal clients to load and manage orders with the BGS Vendors, that application should have complete testing reports. That application too should be hosted in an ISMS compliant environment.
- Change Management and Risk Management processes should be completely documented and shared with the Legal clients.
- BGS Vendors should have a Comprehensive Indemnity Insurance coverage to cover their Legal clients on civil liability related to breach of services.
- Personal Data Protection Act needs to be adhered to and that should be clearly exhibited in the Consent letters used as well.
- Anti-corruption/bribery, Gift and Education Policy, Anti-Human Trafficking and Anti-slavery are some areas some legal clients might want to see documented policies.