kblanchard:
One of the greatest mysteries for me about banking is the industry's reluctance to conduct comprehensive background investigations on those people who are to be entitled to a position of power, trust, control or authority. I want to know as much about a potential insider -- janitor, employee or director -- as I can possibly learn BEFORE he/she has access to property, goods, title or money. In my virtual, fictitious bank we practice rigorous security procedures. And while I recognize that these procedures will "weed out" some otherwise "good" insiders, I don't want any negative surprises in the future. Clean-up and damage control of negative issues are so much more costly than practicing effective prevention techniques.
The following text is taken from the workbook I wrote for my "Insider Abuse & Contractor Fraud" seminar. It horrifies many human resources and security professionals because of the intense scrutiny this process places upon every "insider" applicant. But -- why would you want to do any less? This process is also the accepted standard for facets of many industries, including emergency medical services, law enforcement, securities and information technology providers. Let's see what kind of response we get to these suggestions . . .
------------------------------
Employment application and background investigation processes for all standard and "special" employees -- including third-party service providers, contractors, executives and directors -- should be initiated, standardized and conducted by a single source. Janitors and temporary staff hired by each branch should be included in these categories. The process should include:
- Use a vendor (a local private investigator) to conduct initial and continuing background investigations concerning an applicant's occupational, criminal and financial histories -- currently, no background investigation is conducted;
- Coordinate all background investigations through the Security Department and use the Human Resources Department to verify and validate the results;
- Verify every applicant's previous employment history;
- Fingerprint each applicant and submit the fingerprint card to the FBI for a criminal record check;
- Conduct initial and continuing background investigations on third-party service providers, when it's appropriate;
- Conduct initial and continuing background investigations on executives or other employees who work in sensitive positions; and
- Cause all categories of employees, institution-affiliated parties and third-party service providers to complete and sign a contract that includes a confidentiality agreement and client's code of conduct -- before they begin work or have access to privileged information.
This investigation should include a memo approved by Human Resources that is delivered to the applicant when he/she receives the employment application. This memo thanks the applicant for applying for the position and contains a checklist of the applicant's "things to know or do" -- the conditions of employment. This memo should also state that the applicant would not be considered for permanent employment until all of these things have been accomplished. Confidentiality agreements should also be a standard part of the employment or contracting process. The following checklist may vary according to the position or project applied for and includes:
ALL INSTITUTION-AFFILIATED PARTIES
- Accreditation or license validation (initially if the position requires credentials);
- Account waivers (initially for checking and savings account review, with an emphasis upon the first 90 days, then periodically);
- Code of Conduct (initially, at the time of promotion and annually);
- Confidentiality agreement with an accompanying copy of client's Information Security Policy (initially, at the time of promotion and annually);
- Conflict of interest declaration (initially, at the time of promotion and annually);
- Credit check (annually and at the time of promotion, including bankruptcies, liens and judgments);
- Criminal history check from the last two counties of residence (initially and periodically for a marginally-performing person);
- Driving history furnished by the applicant (initially and during each annual performance review);
- Drug screen (initially and upon the display of objective symptoms);
- Employee handbook (initially, at the time of promotion and annually);
- Financial statement (initially and annually);
- Fingerprints (initially);
- Handwriting (when appropriate);
- Photograph (initially and annually);
- Reference validation (initially);
- Copies of applicant's past performance reviews from previous employer(s) (initially); and
- Waiver acknowledging client's right to conduct unannounced searches of institution-owned property including (initially, at the time of promotion and annually):
* Facilities;
* Computers, including e-mail;
* Desks;
* Lockers; and
* Vehicles.
ALL NON-INSTITUTION-AFFILIATED PARTIES & VENDORS
- Accreditation or license validation (for each new project if the position requires credentials);
- Better Business Bureau check (for each new project);
- Business licenses and appropriate certificates and permits (for each new project);
- Code of Conduct (for each new project, if appropriate);
- Confidentiality agreement with an accompanying copy of client's Information Security Policy (initially, at the time of promotion and annually);
- Criminal history checks on all principals (for the initial project and periodically for different types of projects);
- Drug screen (for the initial project, if appropriate);
- Employee handbook (for each new project);
- Financial statement (for the initial project, if appropriate); and
- Reference validation (for the initial project).
Last edited by Dana Turner; 06/17/02 12:03 PM.
Previous Thread
Index