It is well known that the Banking-Financial Services-Insurance industry (BFSI for short) has the most stringent requirements when it comes to reference checks, background checks and due diligence checks. There are several considerations and capabilities that background screening vendors (we will refer to them as BGS Vendors in this article) like Avvanz need to have in place to be able to serve the highly regulated BFSI industry.
Within the BFSI industry, we have learnt that banks have the most compliance obligations compared to the other Financial Solutions and Insurance verticals. Henceforth, I will address the banking vertical’s security, fraud and risk requirements, and that should act as a reliable overarching representation of the other two verticals.
Understanding of different types of checks for the different roles
Not all background checks need to be conducted on all roles, as the risks associated with the roles vary. Each BFSI client might have its own policy based on its risk management policy. The below Matrix is based on Avvanz’s experiences with our various BFSI clients. BFSI clients can consult BGS Vendors for the optimum mix of checks for the various roles.
The scope of each of the checks can be found here. Some of the checks that might not be common in regions like the Americas include Civil Litigation, Conflict of Directorship, Adverse Media and Social Media checks. Why do BFSI clients need these checks?
Civil Litigation – Unlike criminal record checks, civil litigation histories are comprised of civil lawsuits involving the subjects (candidates / employees). BFSI clients might want to uncover if the subjects have any workers’ compensation claims related cases, financial frauds where no criminal charges were pursued by the jurisdiction (for whatever reason it might be) and financial risks (in case employees can apply for special staff-discounted bank loans).
Conflicting Directorship – Conflicts of interest may arise as a result of the various activities and roles of the bank. For example, a bank might enter into a business relationship with an entity in which one of the bank’s board members has a financial interest. Board or Executive Management candidates should not have any conflicts of interest that may impede their ability to perform their duties independently and objectively. Even if there is a conflicting interest, we need to understand the company background.
Adverse Media vs Social Media – In certain jurisdictions, the regulatory authorities even specifically state that adverse news needs to be examined and evaluated. This will be in addition to Global Watchlists and Sanctions. It is a critical KYC component as well. An example of a result from adverse media screening could be a story linking a subject to an emerging issue on tax evasion and fraud. This is an additional data point to ensure reputational protection of the BFSI company. By the same token, recently there has been interest in conducting social media checks as well, to check for a cultural fit with the organization. We have seen a BFSI client of ours reject a candidate due to “nude modelling”, which culturally didn’t sit well with them. For client-facing roles in the BFSI industry, such behaviours might conflict with the image that needs to be projected.
Processes and Documentation to be in place
To serve BFSI, BGS Vendors need to have minimum standards in the below-mentioned areas. This list is not exhaustive. (Avvanz can share checklists if requested at firstname.lastname@example.org).
- BFSI Clients’ data and their candidates’/employees’ confidential data should be housed in a highly secured environment as any lapse in security will yield huge consequential damages. The server farm holding the data should preferably be compliant with ISO27001/02 Information Security Management System (ISMS) Standards.
- IT security needs to be air-tight. This includes logical/access security, cyber security, information security and network security. All the machines including laptops and desktops should be protected to avoid any cyber-security breaches.
- The operations centre where the BGS Vendor’s researchers function should have a fully documented Business Continuity Plan and Disaster Recovery (BCP/DR) policy framework. Test results should be made available. There should be high standards of physical and administrative security processes in place too. For example, the centre should be completely paperless and the staff should not be allowed to bring phones, cameras or storage media that may facilitate capturing of sensitive data.
- An Audit Report of the BGS Vendor’s operations should be made available to the BFSI clients.
- If there is an application (like Avvanz ScreenGlobal) used by BFSI clients to load and manage orders with the BGS Vendors, that application should have complete testing reports. That application too should be hosted in an ISMS-compliant environment.
- Change Management and Risk Management processes should be completely documented and shared with the BFSI clients.
- BGS Vendors should have a Comprehensive Indemnity Insurance coverage to cover their BFSI clients on civil liability related to breach of services.
- The Personal Data Protection Act (or FCRA) needs to be adhered to, and that should be clearly exhibited in the Consent letters used as well.
- Anti-corruption/bribery, Gift and Education Policy, Anti-Human Trafficking and Anti-slavery are some areas where some BFSI clients might want to see documented policies.
As mentioned, there are several other risk and compliance related areas that BFSI clients request. To gain more knowledge in this area, feel free to reach Avvanz.
The author, Kannan Chettiar, is Managing Director of Avvanz. Avvanz is able to conduct background checks at a global level and uses the ScreenGlobal platform, through which clients can view/select/order checks in a minute.