Navigating Volunteer Background Check Compliance
Posted Tuesday, August 30th, 2022 by Sterling Volunteers Staff
Everyone has the right to feel safe, and nothing is more important than helping nonprofits to safely fulfill their missions. At Sterling, assisting organizations to build strong background screening programs, policies, and processes is what we do. Especially as it relates to navigating compliance.
In a recent webinar, now available on-demand, Chris Christian, Director of Compliance at Sterling, discussed how nonprofits can navigate compliance when conducting volunteer background screening. Advanced in compliance and risk management with more than fifteen years of experience in the background screening industry, he is keenly adept at the architecture, implementation, and management of risk management and compliance programs.
Just how confident are you in your organization’s volunteer background screening compliance? Here we dive into background screening compliance for nonprofits and explain why compliance matters to your organization. We’ll also explore how you can maintain and update your existing policies that consider, federal, state, and local laws as well as regulatory issues. Additionally, we’ll review tips and tools that can help mitigate risk as your organization navigates complex compliance requirements.
Compliance for Nonprofits
Background screening compliance is an organization’s compliance with federal and state laws that regulate background screening. It also refers to your organization’s policies, procedures, and workflows of both background screening and your compliance program. It can be a big deal for nonprofit organizations because noncompliance can be costly, but it’s easily avoidable. Additionally, noncompliance can lead to public reputation issues for your organization in the press, on social media, and within the volunteer community.
Navigating Regulatory Requirements
It’s important to build compliance controls into your organization’s background screening program by addressing federal regulations, state and local laws, and internal policies and procedures.
When considering compliance layers, navigating the ever-changing regulatory requirements is challenging. The components necessary to protect your organization’s exposure to regulatory compliance risks include:
- Federal Regulations, e.g., Fair Credit Reporting Act (FCRA)
- State and Local Laws, e.g., Fair Chance/Ban the Box and use of credit reports
- Policies and Procedures, e.g., you must set internal policies and review them frequently
The Fair Credit Reporting Act (FCRA) is the federal law regulating the use of background checks by organizations, including volunteer organizations. Here’s an overview of the core requirements under the law:
Disclosure and Authorization – Prior to conducting any background check, organizations must provide the candidate with the appropriate disclosure, and also obtain a written authorization. Additionally, you must provide a copy of the federal Summary of Rights under the FCRA along with the authorization. A few important notes:
- FCRA section 604 requires that an employer must provide a “clear and conspicuous” written notice that consists “solely of the disclosure.” In other words, the disclosure must be (1) clear and conspicuous; and (2) exist as a standalone document;
- FCRA requires a different and separate disclosure for “investigative consumer reports”. These are reports containing information from personal interviews with friends, neighbors, and associates that bears on their reputation and personal characteristics;
- FCRA disclosures are a major source of both compliance confusion and litigation. It’s one of the most common FCRA litigation issues. Examples of potential issues in recent case law are combining disclosures with authorizations; including state-specific notices with disclosures; including a “release of liability language” in the disclosure; and including instructions to the subject of the background report in the disclosure.
Summary of Rights – Your organization must provide a copy of the federal Summary of Rights notice to anyone being screened.
Adverse Action – Adverse action is the process of denying a candidate based on the results of a consumer report (background check). If organizations are considering taking adverse action based (in whole or in part) on adverse information in a background check, they must follow a two-stage, multi-step process called pre-adverse and final adverse action. Here you can reference Sterling’s Adverse Action Checklist while making sure to follow the steps below:
- Step 1: Send pre-adverse action notice to the candidate;
- Step 2: Wait for the required amount of time (at least 5 days but can vary by jurisdiction) and address any fair-chance or individualized assessment issues. Allow candidate time to dispute and for the CRA to complete the reinvestigation;
- Step 3: Make a final decision, and send final adverse action notice if needed.
Tips for Adverse Action
- Create a policy for handling both stages of adverse action;
- Train staff on adverse action procedures;
- Allow a reasonable amount of time between pre-adverse action and final adverse action notices (at least 5 business days);
- Don’t make a decision until the pre-adverse action notice has been sent and candidate has been given time to file a dispute, if applicable.
State and Local Laws
There are laws in some jurisdictions that limit inquiries about a candidate’s prior criminal convictions, that restrict timeframes for which records may be reported, or that require additional steps to be taken.
Fair Chance/Ban the Box – There are ~35 states and numerous cities or counties that have laws in place that are applicable to private employers or organizations, including nonprofits. Generally, these laws prohibit organizations from asking about a candidate’s criminal history on an application, and also allow for an inquiry later, typically after a conditional offer or after the interview stage. These laws may also require additional compliance steps from federal law such as:
- Require additional adverse action notifications and steps that are in addition to (and are different than) the FCRA adverse action notice’s requirements;
- Require use of special Individualized Assessment forms (LA and NYC);
- Require additional language in the pre- and final adverse action notices in addition to FCRA requirements (CA, LA, and IL);
- Require an “Individualized Assessment” similar to what is required by the Equal Employment Opportunity Commission (EEOC) Guidance on use of criminal records.
Tips for State and Local Laws
- Compliance requirements have evolved since the original Fair Chance/Ban the Box laws were introduced in many jurisdictions. Reassess your organization’s screening procedures and consult with legal counsel about your processes in jurisdictions as applicable;
- Provide the appropriate State Summary of Rights Notices with the disclosure and authorizations and/or adverse action notices (CA, San Francisco CA, LA, MN, NY, NYC, OK, and WA);
- Note restrictions on use of credit reports, particularly states with narrow exemptions allowed (CA, CO, CT, D.C., DE, HI, IL, Chicago IL, Cook County IL, New Orleans LA, MD, NYC, NV, OR, Philadelphia PA, PR, VT, and WA).
Compliance Policies and Procedures
Maintaining and managing your organization’s screening program can be challenging. You will want to implement and follow policies and procedures that promote consistency and compliance in the workplace environment.
You will also want to document your organization’s processes for requesting, receiving, and evaluating background checks. Be sure to consider:
- A volunteer role matrix that includes what data would (or would not) eliminate a candidate
- Individualized assessment processes
- Workflows for federal, state, and local notices, if applicable
- Adverse Action and Fair-Chance processes
- Compliance with state and local laws that differ from the FCRA
Your organization should also engage your legal counsel (or outside legal counsel) to periodically review your policies and procedures to guide you in meeting your compliance obligations. It’s also a good idea to seek best-practice insights and guidance on regulatory updates from your background screening partner. Ongoing training on procedures and policies is key to ensuring adherence to them.
Helpful Compliance Resources
Achieving and maintaining compliance is crucial to the success of your organization’s mission. Be sure to document your organization’s screening policies and procedures, while reassessing them periodically to keep them up to date. You’ll also want to monitor legislation and regulatory updates impacting background screening.
Frequent review of your FCRA workflows and disclosure and authorizations forms is necessary. You’ll want to reassess your organization’s screening program and procedures with your legal counsel (or outside legal counsel) before implementing any changes to your program.
Dedicated Sterling compliance resources are available to help your organization, including:
Key Compliance Takeaways
In summary, be sure to set continuous periodic review of your FCRA disclosure forms. Monitor federal, state, and local legislation, along with regulatory updates. Review your screening policies and procedures regularly and set a schedule for continuous periodic overview of processes. Consult with your legal counsel on all applicable matters. Lastly, seek helpful compliance resources to keep track of the latest updates.
Watch the Compliance Webinar On-Demand
To learn more, watch the “Navigating Volunteer Background Screening Compliance” webinar, and also visit the Sterling Compliance page for helpful updates and tools.