What Impact Has Coronavirus Had On Enhanced Due Diligence?
In what’s been a year like no other, we have seen the significant impact of the COVID-19 pandemic on all aspects of the business world.
Many traditional business practices have been completely overhauled as global restrictions introduced huge limitations on travel, face-to-face meetings and office-based working.
With uncertainty comes risk. As organisations have been forced to adapt and evolve with the changing environment, the opportunity for risk becomes even greater.
There’s never been a more crucial time for having the full picture in front of you than right now.
Impact of COVID-19 on Due Diligence
The unprecedented nature of the last year means that it can’t be considered a typical year for most institutions. While some industries may recover quickly, others will face a longer road back to normality. As a result, the impact of “the new normal” on a business may need to be adopted as part of reasonable due diligence processes.
Making matters more tricky is the inability to offer in-person visits or assessments due to social distancing restrictions. With more checks being completed virtually, firms are now considering all of the tools at their disposal to get a full understanding ahead of a deal.
It is important to remember confidentiality issues: Due Diligence processes are sensitive and require confidential data handling
Engage and access the right people: Information that comes quickly and in good quality is essential
Here, Deloitte highlight the importance of using third party due diligence providers to ensure confidentiality and quality of information. While the landscape keeps changing, cutting corners will only increase the risk of foul play.
Global Uncertainty Sees COVID Fraud Risks Soar
The disruption and uncertainty of a global pandemic is a potential breeding ground for fraudulent activity. The ongoing unpredictability of the situation makes it harder to spot unusual activity as businesses are forced to improvise.
KPMG’s Fraud Barometer signalled that although the overall figure for reported and tried fraud cases dropped in 2020, there is a “tsunami of fraud” on the way for 2021. This all comes as the court systems attempt to catch up with the backlog of cases.
Opportunistic attackers have taken advantage of the uncertainty, particularly of the dedicated coronavirus support on offer to businesses.
PwC have reported a spike in false positives for financial institutions, as their software learns to deal with the changing circumstances. Even compliance systems with machine learning capabilities are struggling to adjust to what would appear to them to be unusual behaviour. This makes filtering out the real red flags even more difficult.
Organisations are under increasing pressure to make decisions first and ask questions later, as they evolve with the changing landscape. It’s easy for business practices like supplier controls to be bypassed and important due diligence questions missed.
Internal COVID Fraud Risk On the Rise
Over the past year, we have provided thousands of open source background screening checks as part of our enhanced due diligence services. While every case is different, and confidential, we have noticed data trends suggesting activity such as internal fraud is on the rise.
A recent case of operational due diligence uncovered fraudulent activities with two parties trading internally to inflate their books. Our deep web network analysis uncovered links between the companies including shared directors. Trading was taking place in a perceived effort to inflate their books as a way to appeal to potential investors.
With the true financial impact of the pandemic still being felt worldwide, businesses are seemingly turning to illegitimate practices in order to stay viable.
Fraudulent behaviour continues to thrive during COVID with our due diligence data suggesting there are two clear trends:
Existing fraudsters continue to operate, with opportunistic attackers looking to exploit the current uncertainty
Traditionally sound companies are being forced to improvise – sometimes resulting in fraudulent behaviour
Post-COVID Risk Management
So how can businesses manage the ongoing increased risks in a post-COVID world?
It’s fair to expect some changes to business practice to be interim, while some will be around in the longer term. Ensuring staff are aware of the heightened risk is a start, with clear education about the different opportunities for fraud or non-compliant behaviour.
Adapting risk assessments to reflect “the new normal” and to adopt some of the virtual tools that have likely been introduced is another important step.
But what about detection? What can be done to identify risk?
The key is to ensure businesses are using ALL of the assets that are available to them.
KPMG have highlighted the need to adapt due diligence processes to the changing landscape. They flagged the importance of using publicly available information sources as part of their recently shared Differentiated Diligence document. The report suggests supplementing existing due diligence practices with new technologies to reduce risks. Social media is suggested as one of the key differentiators for effective due diligence post-COVID.
In a world where you can’t meet people face to face, tools that help uncover the history, behaviour and attitudes of the people you’re dealing with become more crucial.
Our enhanced due diligence services combine machine learning, AI and human analysis to eliminate false positives. Using only publicly available data, we’re able to paint a full picture of the “people risk” of any deal.
One of the most common questions we get asked is how our searches comply with GDPR. In particular, there are always questions around privacy, data protection and social media screening. Our searches are fully compliant and are always updated to reflect any changes in regulations – but questions are always asked once social media is added to the checking process.
Here are some common questions we get asked:
Do you need consent under GDPR to run these checks?
Are social media checks common practice?
Can the candidate see their report?
While I need to manage risk / comply with regulations, I don’t want to be intrusive…
Here’s a breakdown of current regulations, the risks of running checks internally and tips on how to stay compliant.
International Social Media Screening
Social media screening as part of background checking has existed in some form since the platforms began and recent studies suggest their deployment is only going to increase.
The US government introduced a new visa procedure in 2019 which demands foreign visitors applying for working visas to disclose their social media accounts on their applications. They see social media as a reliable and valuable way to review a person’s behaviours and attitudes, beyond just database or box-checking exercises.
With the use of social media screening growing, the need for a consistent, regulated approach is obvious.
What are the data protection laws when it comes to social media?
Data protection laws are different all around the world, so the complexities change depending on the jurisdiction. The EU, for example, takes data protection very seriously and in 2018 brought in the GDPR.
We’re all familiar with the basic ins and outs of the GDPR by now and the hefty fines that can be given out for breaking these rules.
Specifically relating to social media, the GDPR states that employers should notify candidates before viewing their social media accounts unless they have a lawful basis for processing data – such as consent or legitimate interests. It goes on to state that employers should only take into account data that is relevant to the role.
As a third party background screening provider, at Neotas we have “legitimate interest” to perform these checks for business purposes, as requested by our clients. Our reports only include role-related risks and our policies are consistently updated to reflect changes in legislation.
Screening to be conducted as late as possible in the recruitment process (to avoid the opportunities for human bias)
Candidates should be made aware of any screening that will take place and how it will be conducted
Only accessing publicly available information
Screening levels being proportionate to the seniority of the role
The overall guidance here is clear:
Only review relevant, role-related data
Ensure that protected characteristics remain protected
Only process data if you have a lawful basis for doing so
The Risks of Internal Social Media Screening
The risks that come with carrying out social media background checks in-house are significant. By combing through a candidate’s social media accounts, protected characteristics (such as race, sexuality, political stance) are unintentionally revealed to internal staff.
Whether intentional or not, it’s both illegal and unethical to make hiring decisions based on these characteristics. Internal staff are left exposed to potential accusations of unconscious or discriminatory bias, accusations that could prove costly in any legal proceedings. It would be difficult to legally argue that discriminatory bias hadn’t taken place if staff were exposed to personal data for potential new hires.
Using Third Party Background Screening Providers
Using a third party background screening provider is the best way to avoid these risks and the financial or reputational damage that can come with them.
While they may mean well, internal staff are less likely to be trained in data handling and may be less aware of the stringent GDPR practices that must be followed.
Third party providers like Neotas are externally audited, regulated by industry standards and often hold external certification to process sensitive data. At Neotas, we are:
Alongside the technical certifications, third party background screening providers are completely objective. Providers like Neotas have zero hidden agendas and we only ever present relevant, role-related risks in our reports. Our role is to demonstrate that the candidate meets the level of honesty and integrity expected of their new position.
Lastly, the technology used is cutting edge, capable of processing data at hugely efficient speeds. Our AI and machine learning technology processes vast quantities of data, highlighting potential risks before context is applied by objective human analysis. This way, protected characteristics remain protected and candidates need not worry about their new employer seeing old holiday photos.
2020 proved to be a truly remarkable year globally, with all industries feeling the impact and repercussions of the pandemic. Throughout the year, we provided thousands of objective background check services, from pre employment background screening through to a host of third party due diligence services.
While the exact results of course remain strictly confidential, here’s a sneak peek into some of the data trends and highlights from an unprecedented year.
What is included in a background search?
First of all, let’s establish what’s included in our searches. Our background check services scour the web for an individual or organisation’s full digital footprint, from surface level through to the deep web.
Standard background checks like DBS checks can be limited to just checking databases, while we go a step further and leave no stone unturned. For HR & Recruitment purposes our pre-employment background checks can look into employment and education histories, criminal activities and social media screening.
A Neotas third party due diligence search often includes all of the above, plus checking against international PEP & sanction lists, investigating business networks and a host of anti-fraud checks.
Whether it’s cross referencing employment data with digital records, or assessing international networks or criminal links, there’s no time or jurisdiction limit on our searches.
How are we able to search for this?
Our enhanced due diligence methods combine proprietary AI technology with machine learning and expert human analysis. We’re able to identify business risks that wouldn’t appear in other searches.
Simply put – we process more data, from more sources than traditional searches.
So what did we find in 2020?
To be brief – a lot.
Nearly a third of cases through 2020 uncovered medium-high risk behaviours, warranting further investigation. So what types of behaviours do these include?
3-5% display red flags: Red flags highlight high-risk behaviour for serious indiscretions such as inappropriate or sexually explicit content, substance abuse, violence, racism, PEPs or previous sanctions.
20-25% display amber flags: Amber flags refer to medium-risk behaviour that may be inappropriate but needs further investigation, such as employment or education inconsistencies, adverse media and undisclosed directorships.
70-77% display green flags: Green flags return no obvious indiscretions. These cases are verified and the suitability of the candidate or deal is confirmed.
What is Red Flag Behaviour?
Up to 5% of cases displayed what is determined as a serious, or red flag, risk. Neotas searches all publicly available data from financial & tax records to social media accounts. As a result, red flags can vary from serious undisclosed financial conduct to consistent patterns of discriminatory behaviour.
Our recommendation would always be to investigate these behaviours further and likely take action to lower the risk of financial or reputational damage.
We would never reveal exact case details and all of our reports are held to the highest data protection standards. These are some anonymised examples of the types of the most serious cases discovered in 2020:
A founder CEO who boasted about having defrauded his public sector client and threatened exiting staff with violence
A COO who needed to be removed for consistent racist and misogynistic abuse of staff
A founder who rewarded their salespeople for dirty tricks against clients by sharing cocaine
What is Amber Flag Behaviour?
Up to 25% of cases displayed consistent behaviours that could pose potential risks to businesses or individuals. While not all of the behaviours flagged here lead to further action or qualify as red flags, our human analysts apply context to the findings and highlight those that warrant further investigation.
Although an amber flag may not appear as serious as a red flag, they still pose serious potential risks. The most commonly flagged behaviours include employment inconsistencies, links to explicit content and undisclosed directorships – all of which come with the potential to escalate into a costly or damaging situation.
2020 Insights & 2021 Predictions
While global restrictions remain in-place and business interactions become more digitised, effective verification and vetting processes have never been more critical. With due diligence requirements also continuing to change year-on-year, it’s crucial to stay ahead of the curve and use all of the resources available.
Vero Screening recently published their predictions for employment screening trends in 2021. They predict that social media background checks in particular will become a critical part of the screening process as the workplace becomes less familiar amidst the ongoing restrictions.
In 2020, nearly a quarter of cases reviewed highlighted a potentially serious business risk, so the need for thorough checks is clear. Third party due diligence and employment background checks lower risks by being both objective and comprehensive. Only with this added security can a business move forward with an investment or potential new hire with confidence and peace of mind.
What Makes An Expert Background Check from Neotas Different?
We are experts in background screening, from pre-employment online reputation checks to online due diligence for financial institutions. But background checks are nothing new, right?
We know that there are lots of companies providing different types of background checks out there, so why are ours different? Here’s why…
What is covered in a standard background check?
Everyone in recruitment for high-risk roles has to run standardised background checks and regulators require due diligence for financial services organisations. But what are these standardised checks and are there any weaknesses?
Typical background screening can include any number of elements including criminal (DBS check) and credit checks, references, qualifications and employment history, PEP & sanction list checks and media database searches. The issue with traditional background checks is that they’re limited by their very nature.
References, qualifications and employment history are all easily falsified while many of these checks, while effective, simply tell you whether a company or individual appears on a database or not. It’s a straightforward exercise that isn’t always robust or complex enough for properly identifying risk.
A DBS check, for example, is limited to show only crimes committed and convicted in the UK. What about international crime or migration? How much does it tell us about a person’s personal behaviours? What if there are non-convicted crimes from their past that could pose future reputational risks?
Then there are the issues around manual, in-house checks. These are often time consuming, resource draining and run the risks of bias. Exposing internal staff to bias, or accusations of it, could be seriously damaging to any organisation.
As experts in background screening, our reports are completely objective and all-encompassing. Best of all, they are supercharged by incredible advanced technology. We use OSINT (Open Source Intelligence) to Go Beyond our competitors and current services listed above into data that isn’t covered in standardised checks. We paint a complete picture.
The Neotas methodology leverages open source intelligence by combining proprietary algorithms, machine learning, natural language processing, and human input to investigate individuals and entities in core risk areas.
Open source data isn’t exclusive to Neotas, it’s publicly available and everyone has access to it – but only experienced industry specialists like us have the skillset and technology to unlock it fully.
Best of all? We’re able to guarantee results at a fraction of the cost and in a much faster timeframe than traditional risk consultancies.
“Our results continually show that we are providing more information than any other screening system out there” Ian Howard, Founder, Neotas
Do enhanced checks replace standard background screening?
We don’t replace existing checks, we supplement them and enhance the results. The traditional checks listed above all have their strengths and many remain legal requirements for certain roles or regulations.
By supplementing standardised checks with OSINT, we uncover 100% of publicly available data, from surface level (search) through to the deep and dark web. In contrast, typical online or desktop search facilities can only account for 4-6% of available information.
This process enables Neotas to accurately report on the character, behaviour, networks and risks associated with the subjects it investigates and highlight critical information that is not identified by the traditional desktop tools. Using OSINT provides a richer, more complete profile of real people – not just database results.
Are Neotas background checks compliant with all regulations?
Our searches and results are all completely in the public domain. All searches and results are fully compliant with GDPR and all other regulatory requirements. That’s guaranteed. So what are the expectations for the regulators?
The regulators, including the FCA, expect any information in the public domain to be used in risk-based decisions. In these cases, lack of knowledge would be hard to defend when the data is so readily available.
Organisations such as Thomson Reuters and LexisNexis collate adverse media data from sources like news websites, online search and sanction lists. Our definition of “media” takes that one step further.
We collate information from the full digital footprint of a business or individual, including social media. This advanced definition of media is crucial and continues to evolve all the time. With new mediums constantly developing, it’s critical that background screening stays relevant this way and continually adapts to include new channels.
Is social media screening ethical? Do background check results stay private?
Privacy matters at Neotas. Our reports ensure that protected characteristics stay protected. As a third party, we will objectively review a lot of information but only the incidences flagged as risk indicators will be reviewed. We only include relevant data in the report.
Our role will only ever be to demonstrate that a candidate or business meets the level of honesty and integrity expected, then highlight any points of concern.
“… using Neotas allows us to cover potential risks more thoroughly at lower cost to our clients.” Mike Hicks, Founder, Catalysis Advisory
What is shown on a background check report from Neotas?
Our reports are clear, concise and always supported by clear evidence. We identify risk indicators using a traffic light system. “Red flag” behaviours indicate serious risk, “amber flags” show potential risk that may warrant further investigation. A “green flag” shows minimal risk and confirms the suitability of the candidate or investment.
In all cases, the crucial element for a Neotas search is the context we provide. In due diligence cases, our report provides detailed evidence and an audit trail – including source, screenshot and relevance. We assist clients by providing a framework to help with their decision making processes, ensuring that AI powers the search but our clients make the final risk decision.
For HR and Recruitment, context is equally important. Our HR and Recruitment reports highlight clear risk indicators like abusive or discriminatory language, violence or undisclosed criminal behaviour. We search only for role-related risks and behaviour patterns; reports do not display personal, sensitive information or content.
How is a Neotas search more advanced than standard background checks?
Our signature blend of AI, machine learning and human analysis means we can process data at a hugely efficient rate while producing the highest quality search results. This technology drives all of our searches and is one of the main reasons why we’re able to provide high-end checks both faster and in a more cost efficient way than our competitors.
Although Neotas searches are powered by advanced technology, human analysis remains critical to what we do. Qualitative analysis of reports ensures all results are fully contextualised and that only clear risk indicators are included.
Can Neotas provide international background checks?
Harnessing this advanced technology makes it possible to interrogate unindexed and unstructured information across global data sets and languages, with zero false positives and on an unlimited timeline.
Using in-house skills and machine translation tools, our searches are able to process data in over 200 languages. We provide enhanced due diligence across global jurisdictions, removing the limitations of traditional criminal or background checks that may only investigate localised or regional databases.
In practice, this technology enables us to identify international aliases, networks and financial data in a rapid turnaround time.
What bodies regulate Neotas background searches?
As a member of AFODD, we guarantee to provide results that have been obtained entirely within the law through access to publicly held information. The rigorous membership criteria ensure that services are held to the highest standards, providing confidence to organisations who want to use internet searches for pre-employment, due diligence or KYC purposes.
Alongside AFODD, we hold ISO 27001 and POSS (Personal Online Screening Standard) certification. ISO 27001 is the highest international standard for managing information security. POSS guarantees that our DD searches are carried out by qualified experts, with consent, and fully in line with UK data protection laws.
How will these background searches protect your staff and reputation?
Accusations of bias, whether conscious or unconscious, can be damaging to any organisation or individual. The real risk comes when these checks are conducted internally. Internal checks leave compliance personnel and recruitment managers exposed to accusations of bias when reviewing potentially sensitive data.
Legally, it’s hard to prove an organisation didn’t use the information seen by an employee to inform any decision, i.e., in the event of a claim, it may be assumed that if you accessed information, you used it to inform your decision. Outsourcing removes this possibility. Neotas are able to process vast amounts of data objectively, only presenting the relevant, risk-based results.
Do you only background check suspicious profiles?
Up to 25% of our cases in 2020 identified at least an “amber flag” within the report, with up to 5% displaying more serious “red flag” behaviours. With a quarter of cases needing further investigation, deeper analytical insight is clearly critical for safeguarding businesses and improving decision making.
Equally important is that 75-80% of cases return “green flags” – confirming the suitability of a candidate or investment. This confirmation can act as a final seal of approval on a potential investment or hiring decision and comes with a guarantee of zero false positives.
Here’s the Difference
We have the benefit of being experts in background screening and ultimately, our role is to bridge the gap between the information that’s available and the information that’s leveraged for risk-based decision making. The data itself is useless without the tools, insight and deep industry expertise to analyse and contextualise it. That’s where Neotas make the difference and that’s what sets us apart.
We harness proprietary advanced technology to provide insights that are high quality and hyper-accurate, all while keeping costs low. We guarantee to lower risks and improve decision making, that’s the real difference.