Australian employers routinely build offshore teams—developers in Vietnam, operations in India, clinical staff in the Philippines, and supply chain experts in China.
In every case, once a hire is made, the Australian employer must know exactly who they are bringing into the organization.
But most Australian HR teams quickly learn that domestic-hire screening processes do not apply to offshore hires. The checks, data sources, privacy laws, and market-specific risks are all different. Running a background check on an offshore hire is not the same as running a domestic one. Most Australian companies find this out the hard way. This guide provides practical, step-by-step advice for Australian companies. For each key offshore market—India, the Philippines, Vietnam, and China—you will learn what checks are standard, the relevant legal requirements, major local risks, and what a compliant screening process involves. Key takeaway: Tailor your screening, compliance, and risk approach to each market for the best results.
Why Offshore Screening Is Not Just a Domestic Check With a Different Postcode
The instinct when hiring offshore is to run the same checks you would run domestically — a criminal record check, employment verification, qualification confirmation — and assume that the process is equivalent. It is not, for three reasons.
The data sources are entirely different. An Australian National Police Check pulls from the ACIC's national criminal records database. It has no visibility into criminal records held by Vietnamese courts, Indian police stations, the Philippine National Bureau of Investigation, or Chinese public security bureaus. Each of those systems is separate, operates under different laws, and requires different processes to access. A domestic check on an offshore hire does not supplement an overseas check. It is irrelevant to that hire's overseas history.
The privacy and consent obligations are layered. When you hire in India, the Digital Personal Data Protection Act 2023 and DPDP Rules 2025 govern how you collect, store, and use candidate data. In the Philippines, the Data Privacy Act 2012 applies. Vietnam has its own personal data protection framework. China has the Personal Information Protection Law 2021. And on the Australian side, the Privacy Act 1988 and the 2024 amendments still apply to the data you receive and store. A compliant offshore screening programme navigates both the source country's laws and Australian law simultaneously.
The risks are market-specific. India has a well-documented diploma mill problem — fake degrees purchased from unaccredited institutions that are difficult to detect without institutional verification. The Philippines has a common name issue with NBI criminal checks that causes delays and false positives. Vietnam changed which government agency issues criminal record certificates as recently as February 2025, which is affecting turnaround times. China has strict data residency requirements that affect how personal information can be transmitted. Each market has its own operational complexity. A provider who knows how to navigate the Indian BGV system may have no relationships with Vietnamese government agencies.
Offshore screening presents a jurisdiction problem, not a volume problem. Key takeaway: Local legal knowledge is essential for effective screening of offshore hires; global reach alone is not enough.
With these jurisdictional differences in mind, let's first look at India—the world's largest offshore talent market and also its most complex to screen.
India: The World's Largest Offshore Talent Market — and Its Most Complex to Screen
India is the dominant offshore destination for Australian companies across technology, professional services, financial services, and business process functions. It is also, by some margin, the most complex market for conducting background screening.
🇮🇳 India
Standard checks: Identity verification (Aadhaar, PAN card), employment history verification, education and qualification verification, address verification, criminal record check (via court databases and local police verification), reference checks. Credit checks for finance roles.
Privacy / consent law: Digital Personal Data Protection Act 2023 (DPDP Act) + DPDP Rules notified November 2025. Written consent mandatory. Employers classified as Data Fiduciaries with binding obligations on purpose limitation, data minimisation, and breach notification. Sensitive data (criminal records, biometrics) requires explicit consent.
Key risk for AU employers: Diploma mills and fake degrees — India sees thousands of cases per year. The UGC maintains a public list of fake universities; degrees from institutions on or similar to this list are frequently encountered in screening. Employment history inflation is also common: approximately 10–13% of BGV checks in India return discrepancies, predominantly in education and employment. Criminal verification is decentralised — there is no single national criminal database equivalent to Australia's ACIC system. Checks must be run across e-courts, local police stations, and state databases separately.
Typical turnaround: Education verification: 5–10 business days (longer for older or regional universities). Employment verification: 3–7 business days (longer if previous employer is unresponsive or has closed). Criminal check: 7–21 business days depending on jurisdiction and whether field verification is required.
The diploma mill issue in India warrants specific attention for Australian employers. India's University Grants Commission (UGC) has published lists of fake universities operating across multiple states — particularly in Uttar Pradesh, Delhi, and West Bengal. These institutions issue degrees that look legitimate and are accompanied by supporting documentation. Without direct institutional verification — contacting the issuing university's registrar and confirming the specific candidate's records — they are difficult to detect from documentation alone.
The DPDP Rules 2025, notified by India's Ministry of Electronics and Information Technology in November 2025, significantly tightened the background screening framework in India. A standalone consent form — not a buried clause in an employment contract — is now the clear standard. The consent must identify the specific checks being run, the purpose of each check, and the third-party providers who will process the data. Blanket consent clauses no longer meet the standard.
Key takeaway: For Australian companies with large India-based teams, DPDP compliance is the responsibility of the Australian employer. You're the Data Fiduciary, so the obligation lies with you—not India.
The Philippines: Australia's Fastest-Growing Offshore Hub — With a Screening Process That Surprises Most Employers
The Philippines is the leading offshore destination for Australian companies building customer-facing, shared services, and BPO functions. The combination of English proficiency, cultural alignment, and time zone proximity has made it the default choice for Australian businesses expanding their support, operations, and professional services teams offshore.
🇵🇭 Philippines
Standard checks: NBI Clearance (National Bureau of Investigation — nationwide criminal check), identity verification, employment history verification, education verification (PSA e-Verification for civil registry documents), reference checks. Drug testing and medical clearance common for certain roles.
Privacy / consent law: Data Privacy Act 2012 (Republic Act 10173) + National Privacy Commission regulations. Written consent required, specific to the checks being conducted. Employers must disclose data recipients (including overseas entities — relevant where Australian employer receives data). Proportionality principle applies: only collect what is necessary for the role.
Key risk for AU employers: Common name false positives in NBI checks — the NBI system matches by name and date of birth. Filipino naming conventions (multiple common surnames, middle names used differently) create frequent HIT flags that require manual resolution and can add 1–3 weeks to the process. Diploma mills less prevalent than India but present, particularly for nursing, engineering, and IT qualifications. NBI Clearance validity is one year — for long-term offshore employees, renewal tracking is an operational requirement.
Typical turnaround: NBI Clearance: 5–15 business days (longer if HIT resolution required — can extend to 3–4 weeks). Employment verification: 3–7 business days. Education verification: 3–10 business days. Identity (PSA e-Verification): near-instant for digital check.
The NBI HIT issue is the most common surprise for Australian employers screening Philippine-based hires for the first time. When a candidate's name matches a name in the NBI database associated with a pending criminal case, the clearance is flagged as a HIT — even if the candidate has a different date of birth, a different middle name, or is demonstrably a different person. Resolving a HIT requires the candidate to appear at an NBI office, which adds time and creates friction in the hiring process. The practical implication: build NBI clearance processing time into your Philippine hiring timeline from the start, not as an afterthought. For roles where speed of hire matters, starting the NBI process as early as possible — including at the conditional offer stage — reduces the risk of a last-minute delay. The Data Privacy Act 2012 requires that the candidate be informed that their data will be transmitted to an overseas recipient — the Australian employer — and that the overseas recipient's data protection standards should be comparable to Philippine standards. Australian employers receiving personal data from Philippine candidates should ensure their consent documentation explicitly covers the overseas transfer.
Vietnam: The Emerging Offshore Market — With a Criminal Records System That Changed in 2025
Vietnam has emerged as a significant offshore destination for Australian companies in technology, manufacturing operations, and professional services. Its young, technically skilled workforce and competitive cost structure have made it increasingly attractive as an alternative or complement to India and the Philippines.
🇻🇳 Vietnam
Standard checks: Judicial Record Card (criminal record certificate — now issued by Ministry of Public Security from February 2025, previously Ministry of Justice). Identity verification (CCCD national ID). Employment history verification. Education verification (via issuing institution). Reference checks.
Privacy / consent law: Personal Data Protection Decree 13/2023/ND-CP (effective July 2023). Explicit written consent required before collecting sensitive personal data including health and criminal records. Employers wishing to collect sensitive personal information must register with the Personal Data Protection Commission (PDPC) under the Ministry of Public Security. Draft regulations may impose additional obligations.
Key risk for AU employers: The February 2025 transfer of criminal record certificate issuance from the Ministry of Justice to the Ministry of Public Security has caused procedural disruption and is affecting turnaround times as the two agencies complete the transfer of records and systems. Additionally, from December 2025, all criminal record applications must be submitted exclusively online — in-person submissions are no longer accepted. Employers and candidates who are unfamiliar with the new online system are experiencing delays. Employment verification is less standardised than in India or the Philippines — records may be paper-based, particularly for older roles or smaller employers.
Typical turnaround: Judicial Record Card: 15–25 working days under normal conditions; currently extended due to the 2025 system transition. Education verification: 3–10 business days. Employment verification: 5–14 business days depending on employer and record availability.
The February 2025 change to Vietnam's criminal records system is the single most important operational fact for Australian employers screening Vietnam-based hires right now. The transfer of responsibility from the Ministry of Justice to the Ministry of Public Security is still bedding down, and turnaround times for Judicial Record Cards are currently longer than normal. Building additional lead time into Vietnam screening processes is essential until the transition stabilises. The requirement for employers to register with the Personal Data Protection Commission before collecting sensitive personal data — including criminal records — from Vietnamese candidates is an obligation that many international employers are not aware of. The registration process involves submitting a harmful impact assessment and is administered by the PDPC under the Ministry of Public Security. Australian employers building Vietnam screening programmes should take legal advice on this requirement specific to their structure and role types.
China: The Highest-Complexity Market — Where Data Residency Changes Everything
China presents a distinct set of challenges for Australian employers that go beyond the mechanics of which checks to run. The Personal Information Protection Law 2021 (PIPL) and the Data Security Law 2021 create a data governance framework that directly affects how background check data can be collected, transmitted, and stored by an overseas employer.
Standard checks: Identity verification (Resident Identity Card / RIC). Employment history verification. Education verification (via CHSI — China Higher Education Student Information database for degree certificates). Criminal background check (via local Public Security Bureau or authorised third-party — access is limited and process varies by city). Reference checks.
Privacy / consent law: Personal Information Protection Law 2021 (PIPL). Cross-border transfer of personal information out of China requires one of three mechanisms: a security assessment conducted by the Cyberspace Administration of China (CAC), a standard contract filing with the CAC, or certification by a CAC-approved body. For most background screening scenarios, the standard contract (SCC) mechanism is the practical route. Written consent required; purpose and scope must be disclosed. Sensitive personal information (criminal records, biometrics) requires explicit consent.
Key risk for AU employers: Cross-border data transfer compliance is the primary operational challenge. Transmitting a Chinese employee's personal data — including criminal history and employment records — to Australia without completing the required regulatory mechanism is a PIPL violation. The standard contract mechanism requires legal preparation and CAC filing. Criminal record checks are significantly more restricted than in other markets — there is no publicly accessible national criminal database, and access through local PSBs varies by city and often requires in-country processing. Education verification through CHSI is well-established and relatively fast for post-1999 graduates.
Typical turnaround: CHSI education verification: 3–5 business days. Employment verification: 5–10 business days. Criminal check: highly variable by city — 10–30+ business days where available. PIPL SCC preparation and filing: allow 4–8 weeks for legal preparation before screening begins if not already in place.
China's PIPL cross-border data transfer requirements are the item most frequently overlooked by Australian companies building China-based teams. The PIPL applies to any personal data collected from individuals in China — including the background check data that flows from a Chinese hire to an Australian employer. Without completing the relevant transfer mechanism, the transmission of that data is a legal violation under Chinese law, regardless of what the Australian employer's own privacy framework requires.
For Australian companies with ongoing China hiring, completing the standard contract (SCC) mechanism once — as a standing framework for the employment relationship — is more efficient than treating it as a per-hire requirement. Legal advice from a firm with China PIPL expertise is strongly recommended before establishing a China screening programme.
PIPL is not a compliance footnote. For Australian employers with China operations, it is the foundation on which the entire screening programme must be built.
What a Compliant Offshore Screening Programme Looks Like for Australian Employers
Across all four markets, a screening programme that works for Australian employers has five characteristics.
It operates under both sets of laws simultaneously. The source country's privacy and data protection framework and Australia's Privacy Act both apply. A consent process that satisfies one but not the other is non-compliant. A provider who understands only one side of that equation is not sufficient.
It uses in-country verification sources, not intermediaries. Employment verification that contacts actual former employers. Education verification that reaches actual institution registrars. Criminal record checks processed through the actual government agency — NBI, ACIC-equivalent, Ministry of Public Security — not through a data aggregator with no direct relationship to the source. For India's diploma mill problem, this distinction is the entire margin between a check that catches fraud and one that does not.
It is calibrated to the specific risks of each market. The diploma mill risk in India warrants a different depth of education verification than in Australia or the Philippines. The NBI turnaround variability in the Philippines requires a different process timeline than a domestic check. The PIPL transfer mechanism in China requires legal preparation that has no equivalent elsewhere. One-size-fits-all offshore screening is not compliant and not effective.
It generates a documented audit trail. Under Australian privacy law, you must be able to demonstrate what was checked, when, with what consent, and what was found. Under the DPDP Act in India, you must demonstrate consent was specific and that data was handled within defined purpose parameters. The audit trail requirement is not optional in any of these jurisdictions.
It is built on a platform with genuine local reach — not just global claims. There is a meaningful difference between a provider that claims to operate in 150 countries and a provider with established relationships with verification sources, government agencies, and institutions in each of those countries. For India, the Philippines, Vietnam, and China specifically — markets with their own complex bureaucratic processes — local reach means local relationships, not just a global website.
Avvanz: Built for Australian Companies Hiring Across Borders
Avvanz ScreenGlobal operates across 150+ countries, with established verification networks in India, the Philippines, Vietnam, China, and every other major offshore market for Australian employers. We are not a domestic Australian provider with a global products page. We have operated in these markets, built relationships with the relevant government agencies and institutional verification sources, and developed the legal and operational knowledge to navigate the specific compliance requirements of each jurisdiction.
For Australian employers, we manage the full compliance picture: Australian Privacy Act requirements on the receiving end, and the DPDP Act, Data Privacy Act, Vietnamese PDPC, and Chinese PIPL on the source end. Consent processes, data handling, cross-border transfer mechanisms, and audit trails — built into the platform, not left to the HR team to manage manually.
Our offshore screening packages cover identity verification, criminal record checks through official in-country channels, employment history verification with direct employer contact, education and qualification verification through issuing institutions, reference checks, and global watchlist and sanctions screening — all managed through a single platform with real-time status visibility.
The Australian employer who says 'we screen all our people' but has no offshore verification programme has a significant gap. Close it before an incident makes it visible.
Contact us at consult@avvanz.com or request a demo today. If you’re also screening locally, see our guide to background checks in Australia and the background check consent and Privacy Act requirements that still apply to the data you store in Australia.