Background Checks in Banks, and Conflicts with Ban-the-Box Laws
Philip M. Berkowitz is the U.S. practice co-chair of Littler’s International Employment Law Practice Group and co-chair of the Financial Services Industry Group. He advises multinational and domestic companies in a wide range of industries on employment-related matters. He can be reached at [email protected].
Numerous federal, state and local laws require banks to run criminal background and credit checks on employees and applicants for employment. These include the Federal Deposit Insurance Act (FDIA), the Securities and Exchange Act, the Secure and Fair Enforcement for Mortgage Licensing Act (SAFE Act), the Truth in Lending Act (TILA), and various FINRA rules. The background checks may also need to be re-run periodically during employment to assure the continued accuracy of the information received during the recruitment process, and to assure that the individual continues to be qualified to fill their role.
In addition to these industry-specific requirements, one must consider requirements imposed by the Office of Foreign Assets Control (OFAC). OFAC screening is meant to enforce economic sanctions against certain countries and individuals. All “U.S. persons” must comply with OFAC’s regulations and sanction, and federal banking regulators evaluate bank OFAC compliance programs to ensure that all banks subject to their supervision comply with OFAC sanctions. As part of such a regulatory review, regulators will typically inquire whether employees are checked against the OFAC list.
There is more. PEP screening refers to Politically Exposed Persons, also known as “senior foreign political figures,” as defined under regulations issued by the Financial Crimes Enforcement Network of the U.S. Department of the Treasury. PEPs have been known to utilize banks as a medium for illegal activities, and the screening is meant to diminish the risk of money laundering. The screening emanates from the Bank Secrecy Act, the Financial Action Task Force (FATF) and the Federal Financial Institutions Examination Council (FFIEC). Under the Bank Secrecy Act, and as set forth in FFIEC’s Bank Secrecy Act/Anti-Money Laundering Examination Manual, banks operating in the U.S. are required to have procedures in place for identifying PEPs, and implementing appropriate controls and procedures to monitor the accounts and transactions of PEPs.
U.S. banking regulators have indicated to banks and other financial institutions that they should be adopting enhanced processes to identify PEPs, including as part of the employee hiring/onboarding process. As a result, many banks have added questions to their employment application seeking to identify whether a candidate for employment or a candidate’s family member is a PEP.
In addition to these onerous requirements, Section 19 of the FDIA imposes an affirmative duty upon an insured depository institution to make a “reasonable inquiry” regarding an applicant’s criminal record history, which consists of taking steps appropriate under the circumstances, consistent with applicable law, to avoid hiring or permitting participation in its affairs by a person who has a conviction or who has agreed to enter into a pretrial diversion or similar program in connection with a prosecution for a covered offense.
The SAFE Act, which applies to national and state banks, branches of foreign banks, credit unions, and other financial institutions, requires that mortgage loan originators who originate residential mortgage loans be subject to an FBI criminal background check and an independent credit report from a consumer reporting agency. Regulation Z of the TILA, which generally applies to “loan originators” involved in consumer credit transactions secured by a dwelling, also requires background checks, including credit checks of all loan originators.
Further, Rule 17a-3(a)(12) of the SEA requires members and broker-dealers to make and keep current certain books and records with respect to “associated persons” of the firm containing information regarding the associated person, including a record of any arrests and indictments for any felony or certain enumerated misdemeanors, and the disposition of such arrests and indictments.
FINRA-regulated entities must also comply with FINRA Rule 3110(e), which requires each member to run a comprehensive criminal record and credit check on FINRA registered employees and applicants for a FINRA registered position to verify the accuracy and completeness of the information contained in the applicant’s initial or transfer Form U4. Additionally, firms must perform a search of “reasonably available public records” to verify the completeness and accuracy of the details included in an individual’s Form U4.
We also must not forget the Fair Credit Reporting Act, which applies to all employers running the various checks. Under FCRA, employers must obtain the consumer’s written authorization to conduct a background check if the employer outsources any portion of the background investigation process, formally referred to as a “consumer reporting agency.” It requires that a company provide an applicant subject to screening with a “clear and conspicuous disclosure … in a document that consists solely of the disclosure, that a consumer report may be obtained for employment purposes.”
On the other side of these multiple and varied requirements sit “ban-the-box” laws, which many states have implemented to restrict or narrow the ability of employers to run criminal background or credit checks. Examples of particularly onerous local laws are those in effect in New York State and New York City. The New York Fair Chance Act (FCA) prohibits employers from conducting a criminal background check or examining a potential employee’s arrest or conviction record until after the employer has made a conditional employment offer.
Any decision to deny employment based on a criminal record must be consistent with Article 23-A of the New York Corrections Law, which requires that there be a direct relationship between one or more of the previous criminal offenses and the employment sought or held by the individual, and if granting or continuing employment would involve an unreasonable risk to property or the safety or welfare of individuals or the general public.
The law is complicated. Employers who review an applicant’s criminal history before making a final offer of employment must implement a two-tiered screening process, wherein all non-criminal pre-employment screenings, such as a review of the applicant’s employment and educational history, must be completed and passed by the applicant before a conditional offer of employment is made. Thereafter, employers may, after making a conditional offer of employment, request and review the applicant’s criminal history, which may only be considered in compliance with the individualized assessment, notice and consideration requirements of the FCA.
Further, before taking any adverse employment action based on the inquiry, the FCA requires the employer to provide a written series of questions to the applicant to demonstrate that the employer is considering only the legitimate factors identified in Article 23-A in assessing eligibility for employment. The employer must perform a written analysis and provide a copy to the applicant, including supporting documents that formed the basis for an adverse action and the reasons for taking any adverse action. The employer must also allow the applicant no less than three business days to respond, and hold the position open for the applicant.
By its terms, however, the FCA does not apply if federal, state or local law, or a self-regulatory organization (SRO) requires the employer to conduct criminal background checks for employment purposes or to bar employment in a particular position based on criminal history. Accordingly, financial services companies are exempt from compliance with the FCA and SCDEA with respect to their FINRA-registered employees or applicants for a FINRA-registered position.
Similarly, the New York City Stop Credit Discrimination in Employment Act (SCDEA) generally prohibits employers from requesting or using a potential or existing employee’s credit history – including credit reports, credit scores, and other information regarding a person’s credit, bankruptcies, judgments or liens – when making hiring, promotion, firing and other employment determinations.
The SCDEA does not, however, restrict an employer who is required by state or federal law or regulation, or by an SRO, to use an individual’s consumer credit history for employment purposes. This exemption applies only to those positions regulated by SROs; employment decisions regarding other positions must still comply with the SCDEA.
New York is by no means the only state whose laws include exemptions for individuals employed by or seeking employment with financial institutions. But the laws can be tricky to interpret. Some ban-the-box statutes include explicit exclusionary language for individuals who are employed by a bank or financial institution. These include Colorado, Illinois, Maryland, Oregon, Vermont, Washington, and, as noted above, New York, and other municipal and local jurisdictions.
Other states, though, identify other exclusions (such as being mandated by federal or state law) that do not explicitly identify financial institutions, but likely apply to individuals who may be employed by them. These jurisdictions include California, Connecticut, Delaware, the District of Columbia, Florida (referring to a bona fide occupational qualification), Hawaii, Maine, Massachusetts, Minnesota, Nevada, New Jersey, Rhode Island, Texas, Vermont, Wisconsin, and various other municipal and local jurisdictions.
Unfortunately, the exemptions are not always crystal clear. And financial institutions, already under heightened scrutiny with respect to their compliance procedures, have to balance competing obligations imposed by federal and state banking regulators, on the one hand, and local anti-discrimination lawmakers, on the other. This is not a simple task; financial services companies must take care to sort through these competing rules, to avoid liability from regulators on both ends of these issues.
Consequently, employers cannot avoid the onerous task of familiarizing themselves with these restrictions, legislative and regulatory updates, and the degree to which they may apply to their hiring and periodic updating of background checks. Recommended practices include notifying applicants and employees of the background and credit check requirements and informing them of the restrictions mandated by the applicable state on this process.
Employers should prepare a background check disclosure form that explains the information that may be gathered and indicating the sources of the information. The form must include an authorization signed by the candidate or employee permitting the employer to obtain the background check and providing other representations, including an acknowledgment that, where permitted, the employer may rely on the authorization to order additional background reports without asking for authorization again during employment and from different credit reporting agencies.
The employer must also provide the employee with the statutorily required summary of rights under the FCRA, which include, among other things, the right to be informed if the results are used against the individual; to know what is in the file; the right to one free disclosure every 12 months from nationwide credit bureaus; to request a credit score; to dispute incomplete or inaccurate information; and to place a “security freeze” on their credit report, which will prohibit a consumer reporting agency from releasing information in the credit report without the individual’s express authorization.
Finally, employers must keep careful records, via a log sheet supplemented by contemporaneous records, of the background checks performed, identifying each individual, the particular background check, when it was conducted, the verification process, a record of references, and other similar information.
There are no short-cuts to compliance. Well-run financial services organizations will stay in touch with employment counsel familiar with these compliance-related requirements, provide periodic internal training to relevant personnel, and prepare form documents that comply with the various applicable federal, state, and local laws, regulations, and guidances.
Global Banking & Finance Review
Why waste money on news and opinions when you can access them for free?
Take advantage of our newsletter subscription and stay informed on the go!
By submitting this form, you are consenting to receive marketing emails from: Global Banking & Finance Review │ Banking │ Finance │ Technology. You can revoke your consent to receive emails at any time by using the SafeUnsubscribe® link, found at the bottom of every email. Emails are serviced by Constant Contact
Top Stories3 days ago
Nestle misses sales estimates as price hikes deter shoppers
Top Stories3 days ago
China’s Xpeng signs partnership with UAE’s Ali&Sons, eyes Italian market
Top Stories3 days ago
ECB reports record loss for 2023 as rate hikes bite
Business3 days ago
Global Economic Trends: Implications for Business Insurance Strategies