Introduction
This checklist will assist in-house counsel, private practice lawyers, and human resources professionals with completing criminal background investigations on job candidates and contractors.
This checklist addresses the following steps:
- Deciding whether to conduct an investigation
- Conducting an investigation
- Analyzing the results of an investigation
This checklist can be used in conjunction with the following How-to guides: Mitigating risk of criminal activity, Understanding white collar crime, and How to investigate the social media activity of prospective employees, and Checklist: Conducting an internal investigation into suspected criminal activity.
Step 1 – Deciding whether to conduct an investigation
| No. | Requirement |
| 1.1 | Determine if an investigation is required by law or regulation |
| 1.2 | Determine whether any contracts require an investigation to be carried out |
| 1.3 | Consider whether conducting an investigation is best practice for the role |
| 1.4 | Establish the permissible uses of the results from an investigation |
| 1.5 | Decide whether to outsource the investigation or conduct it internally |
Step 2 – Conducting an investigation
| No. | Requirement |
| 2.1 | Obtain the necessary information for the investigation |
| 2.2 | Understand the legal limitations of the investigation |
| 2.3 | Conduct the background investigation |
| 2.4 | Review the results of the investigation |
| 2.5 | Decide whether further investigation is warranted |
Step 3 – Analyzing the results of an investigation
| No. | Requirement |
| 3.1 | Determine if there were mitigating factors or explanations |
| 3.2 | Determine whether the results rule out or restrict an employee |
| 3.3 | Assess the potential liabilities for the employer |
Explanatory Notes
General Notes
Many employers carry out criminal background investigations into job candidates and contractors for a variety of reasons, including:
- when laws and regulations require background investigations for workers in certain occupations, such as persons who work with children or vulnerable adults;
- to guard against problem personnel damaging the employer’s business – employers may be exposed to civil and criminal liability, as well as potential bad publicity, due to the actions of employees and contractors during the course of their work for the employer; and
- to protect the employer’s assets and proprietary information from potential theft or misuse.
Criminal background investigations can provide invaluable insight into a candidate’s suitability for a role, but they can also open the door to legal liability. To minimize the risks associated with criminal background investigations, organizations should:
- stay apprised of local, state, and federal laws that directly and indirectly impact background investigations;
- consistently apply background investigation policies and practices to similarly situated candidates;
- evaluate background investigations in the context of the role’s responsibilities; and
- ensure transparency with candidates about the background check process and their rights.
Legal framework
With the exception of juvenile adjudications, records of criminal convictions are public information unless they have been ordered by a judge to be sealed or expunged. There are, however, legal restrictions on the permissible uses of such information. These restrictions are set out in steps 2.2 and 3.2 below.
Criminal background investigations, and the way in which the results of an investigation are used, must not violate federal, state, or local laws against discrimination. The potential for discrimination is particularly great when investigations are not conducted uniformly and consistently.
To ensure compliance and minimize legal risk, organizations should establish and adhere to detailed background check policies and procedures, which should take into account the information set out in this checklist as well as any federal, state, or local laws and industry specific requirements. Organizations should regularly review and update their background check policies to reflect changes in laws and regulations.
Step 1 – Deciding whether to conduct an investigation
1.1 Determine if an investigation is required by law or regulation
There is no law that requires employers to carry out criminal background investigations into all job candidates. However, there are industry and occupation-specific state and federal laws that require background investigations to be carried out for certain types of positions.
Criminal background investigations are typically required for the following occupations:
- teachers and childcare workers;
- healthcare workers;
- security personnel;
- law enforcement;
- workers with access to children or vulnerable adults;
- government employees and contractors;
- financial professionals;
- drivers for hire (ride-share, taxi);
- truck drivers;
- positions requiring access to sensitive national security information; and
- roles involving handling of controlled substances or hazardous materials.
Requirements vary by jurisdiction so it is important to review state and federal laws that are relevant to the particular industry and role. In Michigan, for example, each area agency on aging needs to conduct background checks for each new employee, employee, subcontractor, subcontractor employee, or volunteer who has in-person client contact, in-home client contact, access to a client's personal property, or access to confidential client information. The law further requires that the background checks be repeated every three years.
Additionally, criminal background investigations are required for certain occupational licenses and security clearances. While these are often initially conducted by the licensing board of government agencies, employers often have additional background check requirements which include ensuring licenses are up to date and periodically checking for new criminal charges that may have occurred. Exact requirements will vary by industry and profession.
1.2 Determine whether any contracts require an investigation to be carried out
Review pertinent contracts to determine whether a background investigation is required. The most common sources of contractual requirements for criminal background investigations are government contracts, vendor contracts, and employee leasing contracts.
For example, it is common for healthcare organizations to lease human resources professionals from professional employer organizations (PEOs) – these contracts will usually require that the PEO conducts background checks on all leased professionals. As another example, government contracts for security-related work will always require background checks.
The contract terms govern the necessity and scope of background investigations unless inconsistent with applicable law.
1.3 Consider whether conducting an investigation is best practice for the role
Even if a criminal background investigation is not required by law or contract, assess the appropriateness of conducting a criminal background investigation based on the nature of the role being filled. Key considerations include:
- the level of access to sensitive data and property, such as bank accounts, cash, and keys;
- whether the employee will be working with children or vulnerable adults;
- the degree of autonomy and authority within the role;
- the opportunity the employee will have to commit a crime (eg, if the role is fairly unsupervised);
- whether the employee will have a high public profile (eg, spokespersons);
- whether a failure to carry out a criminal background investigation might be considered negligent by the courts;
- the potential for the role to impact public safety or trust; and
- whether the role involves handling confidential or proprietary information.
To minimise the risk of discrimination claims (covered in more detail at step 2.2.2 below), decisions whether to conduct criminal background investigations should generally be made on a per-position basis, rather than on a per-person basis, and should be made consistently in line with the organization’s policy. For example, if the organization runs a criminal background investigation on a prospective employee for an IT manager position, it should run the same background investigation on all prospective IT managers. However, there may be exceptions, such as if a routine background review suggests potential criminal activity (eg, public social media posts regarding unlawful drug use).
1.4 Establish the permissible uses of the results from an investigation
Subject to legal limitations found in local, state, and federal laws (see step 2.2 below), employers can use criminal background investigation results to guide decisions related to hiring, firing, an employee’s access to restricted areas, accounts, and files, and employee career progression.
1.5 Decide whether to outsource the investigation or conduct it internally
Decide whether the organization will conduct the investigation internally or outsource the task. Both approaches have advantages and disadvantages. Conducting the investigation internally is less expensive, because it can be carried out by the organization’s existing staff, and internally conducted investigations can more readily be tailored to the organization’s needs.
Outsourcing the investigation generally provides greater access to resources, such as specialized databases and search tools, that can yield more comprehensive results. It also allows organizational staff to focus on their primary job roles without additional investigative responsibilities. Employers may not have the capacity and skills to conduct investigations internally and will therefore have to outsource.
Step 2 – Conducting an investigation
2.1 Obtain the necessary information for the investigation
Before starting an investigation, obtain written, signed permission from the job candidate and also the personal information needed to obtain accurate results.
The Fair Credit Reporting Act (FCRA), 15 USC sections 1681–1681x, and some state laws require employers to obtain written authorization before conducting a background investigation if a third-party service is used. Even if not legally required, obtaining authorization is best practice, in order to avoid future claims from the candidate of unfairness or discrimination. The authorization should set out in writing that the investigation will be used to evaluate eligibility for employment (or a promotion or different job assignment) and should make clear the applicant’s rights (eg, the right to identification of the reporting agency, the right to a copy of the report, etc).
The candidate’s personal information should be gathered to ensure accuracy. This information should include:
- names used, including aliases;
- date of birth;
- social security number;
- driver’s license number;
- current and previous addresses; and
- any other information requested by a third-party background service.
2.2 Understand the legal limitations of an investigation
The FCRA and Title VII of the Civil Rights Act of 1964 (‘Title VII’), 42 USC sections 2000e to 2000e–17, impact an employer’s obligations and impose limitations when conducting criminal background investigations.
2.2.1 FCRA
The FCRA governs consumer reports, which include background investigations. It requires employers to:
- obtain written authorization before obtaining a criminal background investigation report from an agency;
- provide a pre-adverse action notice and a copy of A Summary of Your Rights Under the Fair Credit Reporting Act if adverse decisions are made based on the report, and allow the candidate a reasonable amount of time to dispute the information gathered during the investigation; and
- provide a post-adverse action notice, including the reporting agency’s name, contact information, and a statement that the candidate can dispute inaccurate information and obtain a free copy of the report.
2.2.2 Title VII
Title VII prohibits employment discrimination based on an individual’s membership in one or more of the following protected classes: race, color, religion, sex, and national origin. It does not directly regulate background investigations, but background investigations can result in liability under both disparate treatment and disparate impact theories under Title VII.
Disparate treatment discrimination is when an employee is treated differently on account of their protected class. For example, a practice of conducting criminal background investigations only on Latino applicants would constitute disparate treatment discrimination. Additionally, a background investigation may reveal that a candidate is a member of a protected class, and making adverse decisions based on membership of the protected class is unlawful discrimination.
Disparate impact discrimination is when an employer’s policy appears neutral but in fact disproportionately impacts a protected class. A purportedly non-discriminatory criminal background investigation policy that in practice results in a disproportionate number of black employees not being hired could constitute disparate impact treatment discrimination.
Business necessity can serve as a defense to discrimination claims based on background checks. This defense is available where the employer can prove that the background investigation policy is necessary for the job in question and that there are no less discriminatory alternatives available that would effectively achieve the employer's legitimate business goals.
For example, the Equal Employment Opportunity Commission (EEOC) brought suit based on disparate impact against a BMW manufacturing facility that had an employment policy that excluded job candidates with certain criminal convictions, without specifying a time limit for these convictions (see EEOC Files Suit Against Two Employers for Use of Criminal Background Checks). The EEOC claimed that through its policy, BMW disproportionately screened out African Americans from jobs, and that the policy was not job related or consistent with business necessity. Ultimately, the EEOC obtained a consent decree that required BMW to pay $1.6 million to 56 claimants and required BMW to update its policy.
For more on FCRA and Title VII compliance, see Federal Trade Commission (FTC), Background Checks, What Employers Need to Know.
2.2.3 Data privacy laws
There is currently a patchwork of state and federal data privacy laws in the US and development of additional legislation is ongoing. Since background checks generally involve receipt and use of sensitive information, organizations may be subject to data privacy laws when conducting background checks. These laws may impact an employer’s responsibilities when it comes to background checks particularly related to obtaining consent, sharing information, how the information may be used, and data retention and destruction.
For further information, see US IT & Data Protection Practical Resources.
2.2.4 State laws
Some states and localities have laws and regulations that impose additional and/or more stringent requirements than federal laws. ‘Ban the box’ laws, in particular, have been on the rise at the state and local levels. At least 37 states and the District of Columbia (see, eg, Cal Govt Code section 12952) and over 160 cities and counties (see, eg, New York City Fair Chance Act) have adopted ban the box legislation. These laws typically seek to require employers to delay inquiring into an applicant’s criminal history or conducting a background investigation until the later stages of the employment process. Background investigations are not prohibited under these laws, but if they are conducted, they are conducted further along in the process so as not to constitute an automatic disqualification. Laws that restrict the scope of inquiry and which criminal offenses can serve as the basis for a no-hire decision are also increasingly common at the state and local levels.
2.3 Conduct the background investigation
2.3.1 Third-party or self-managed background check
Initially, organizations must decide whether to hire a third-party service to conduct background investigations or conduct them in-house. Both are common approaches, and which is best will depend on a variety of circumstances, such as organizational size, budget, frequency of hiring, complexity of checks, industry, and whether the organization has internal legal compliance support that can guide the checks.
2.3.2 Compliance with policies and procedures
Whether organizations conduct their own checks or outsource the process to third parties, it is imperative that the organization’s internal policies and procedures are followed. Deviations from policies and procedures can be used as evidence of discrimination. When working with third-party background services, it is important to communicate requirements to the service.
2.3.3 Components of a background check
The scope of background checks will depend on the organization and the role. They typically include more than just criminal history checks. Some common components of background checks include:
- local, state, and federal criminal history checks;
- employment verification;
- education verification;
- personal and professional reference checks;
- credit history checks;
- drug screenings; and
- licensure confirmations.
2.4 Review the results of the investigation
When reviewing background investigation results, it is imperative to consider the entire picture to determine whether it is appropriate to disqualify the candidate from consideration based on past criminal conduct. Factors to consider include:
- Reliability of records – consider the source of the records and the age of the records. Outdated and unofficial records may be inaccurate or incomplete.
- Relation to the job – offenses should be considered in the context of the role being applied for. For example, an underage drinking citation has little bearing on a candidate’s trustworthiness and capability in a contract administration role.
- Crimes of moral turpitude – crimes of moral turpitude are crimes that involve dishonesty or involve base, vile, or depraved conduct such as sexual assault, manslaughter, or conspiracy. Such crimes are particularly significant in assessing a candidate’s suitability for a role, particularly if there is a correlation between the crime and the responsibilities of the role (eg, embezzlement conviction and a role at a bank).
- Subsequent actions – evaluate actions taken by the candidate after the offense to consider whether the candidate’s subsequent history shows a pattern of growth and rehabilitation or reoffending. For example, if many years have passed since the offense and the candidate has had no additional offenses, the risk of them causing harm if hired is likely to be lower than for repeat offenders.
- Pardon, expungement, sealed records – if the offense has been pardoned, expunged, or sealed, it may be unlawful to consider it in hiring decisions under state laws. Additionally, these efforts may provide insight into the candidate’s attempts to overcome their past.
2.5 Decide whether further investigation is warranted
Some level of further investigation is often required to determine whether the background investigation results should disqualify the candidate. Results that generally warrant additional investigation include unresolved charges, original charges that vary from the offense in a guilty plea, inconsistencies in the results, and complex crimes where the candidate’s role is not immediately clear. Additionally, the nature of some roles requires a more intensive background investigation that goes beyond mere database searches.
Further investigation can take many forms. It may involve asking the candidate questions, obtaining results from databases that have more records and information, reviewing court records, questioning friends and family, or any other action that would help paint a better picture of the candidate’s criminal and moral culpability. Follow-up inquiries may either substantiate disqualification or reveal that the offense was an isolated incident, or that the record is inaccurate.
Step 3 – Analyzing the results of an investigation
3.1 Determine if there were mitigating factors or explanations
Mitigating factors might include the age of the candidate at the time of the offense, economic duress, provocation for a violent offense, an offense linked to expressing political opinions (eg, disorderly conduct at a protest), or de minimis harm to the victim.
Importantly, there is no per se rule when considering mitigating factors. Each case warrants a detailed analysis and application of the employer’s best judgment.
3.2 Determine whether the results rule out or restrict an employee
In most cases, a criminal offense alone should not be sufficient to disqualify the candidate. The type of offense (ie, crime of moral turpitude or not), length of time since the offense was committed, and subsequent remedial actions taken by the candidate should all be considered. The offense should also be considered in the context of the job being applied for, to determine if the offense would impair the candidate’s ability to conduct the job, or could put others at risk.
The EEOC guidance on the use of arrest and conviction records in employment decisions, which is based on Title VII of the Civil Rights Act of 1964, emphasizes that a blanket exclusion of individuals with criminal records can have a disparate impact on certain protected groups. To comply with Title VII, employers generally need to show that a criminal record exclusion is ‘job-related and consistent with business necessity.’
This involves an individualized assessment:
- The nature and gravity of the offense or conduct: How serious was the crime?
- The time since the conviction or completion of the sentence: How long ago did this happen?
- The nature of the job held or sought: Does the crime directly relate to the duties and responsibilities of the job?
Here are two scenarios to help illustrate the difference:
- Banker role:
- Nature of the job: a banker role involves direct access to money, financial accounts, and sensitive customer information. It requires a high level of trust and integrity regarding financial matters.
- Connection to the offense: a theft conviction directly relates to the trustworthiness and integrity required for a banker. The offense may impair the candidate's ability to conduct the job safely and without putting others (customers, the bank) at financial risk.
- Outcome: disqualification is likely appropriate and justifiable as ‘job-related and consistent with business necessity.’
- Content Writing role (with no access to sensitive records):
- Nature of the job: a content writing role primarily involves creating written material. The employee has ‘no access to sensitive records,’ it does not involve handling money, confidential client data, or assets that could be stolen.
- Connection to the offense: a theft conviction, while a serious offense in general, has little to no direct bearing on the candidate’s ability to research, write, and edit content, especially if there is no opportunity to commit a similar crime within the scope of the job. The offense would likely not impair the candidate's ability to conduct the job, nor would it put others at risk in this specific context.
- Outcome: disqualification based solely on the theft conviction would likely be seen as a blanket exclusion, potentially violating EEOC guidance, as it is not job-related or consistent with business necessity for this particular role.
3.3 Assess the potential liabilities for the employer
Employers must evaluate the legal and practical risks associated with hiring or not hiring based on criminal background investigation results. Using the results to disqualify a candidate could put the organization at risk of a discrimination claim. Conversely, hiring a candidate despite a past criminal offense raises the risk of a negligence-based action if the candidate harms a fellow employee or third-party in the course of their employment, and if the action that caused the harm is somehow related to the employee’s past criminal activity. There is also a risk that the adequacy of the criminal background investigation may be challenged in a negligent investigation claim.
Example: an applicant for a job in a hotel is shown to have multiple theft convictions. They are hired anyway and given access to guest rooms, and as a result, to the guests’ belongings. The hotel may be held liable for negligent hiring if that employee steals from a guest’s room.
Another hotel employee was once convicted of criminal immigration fraud. If that employee steals jewellery from a guest’s room, the employee will be criminally liable, but it is unlikely that the hotel will be liable for negligent hiring, since theft is not similar to immigration fraud.
The respective risks will vary based on the situation and employers should aim to make well-reasoned and consistent decisions. For example, if one candidate is disqualified for a drug-related offense, another candidate with the same offense on their record should also be disqualified.
Additional resources
FTC, Background Checks, What Employers Need to Know
Society for Human Resources Management (SHRM), Conducting Background Investigations and Reference Checks
Related Lexology Pro content
How-to guides:
Understanding white collar crime
Understanding corporate criminal liability
Mitigating the risk of criminal activity
How to protect your company from violations of the United States Foreign Corrupt Practices Act
How to protect your organization from third party liability under the FCPA
How to self-report a suspected FCPA breach
Checklists:
Anti-bribery risk assessment
What to include in a FCPA compliance program
FCPA due diligence of third-party intermediaries
Charitable and political donations and gifts, travel, entertainment compliance
Conducting an internal investigation into suspected criminal activity
Reliance on information posted:
While we use reasonable endeavours to provide up to date and relevant materials, the materials posted on our site are not intended to amount to advice on which reliance should be placed. They may not reflect recent changes in the law and are not intended to constitute a definitive or complete statement of the law. You may use them to stay up to date with legal developments but you should not use them for transactions or legal advice and you should carry out your own research. We therefore disclaim all liability and responsibility arising from any reliance placed on such materials by any visitor to our site, or by anyone who may be informed of any of its contents.