Scherzer Blog

Vermont is the latest state to restrict credit reports in employment decisions

Effective July 1, 2012, Vermont will be the eighth state to regulate the use of credit-related information for employment purposes. Although similar in many ways to laws already enacted in California, Connecticut, Hawaii, Illinois, Maryland, Oregon and Washington, Vermont’s requirements under Act No. 154 exceed those of other state laws as they prohibit even exempt employers from using an applicant or employee’s credit history as the “sole factor” in employment decisions. Additionally, Vermont exempt employers who take adverse action based in part on a credit history must return the report to the individual or destroy it altogether. Neither the Fair Credit Reporting Act (FCRA) nor any of the other similar state laws imposes such a requirement.

Generally, the Act prohibits employers from inquiring into an applicant’s or employee’s credit report or credit history, and further bans employers from discriminating against or making employment decisions (e.g. hire, fire, alter the compensation or any other term or employment condition) based on a credit report or credit history. Notably, credit history in this context includes credit information obtained from any third party that reflects or pertains to an applicant’s or employee’s “borrowing or repaying behavior, financial condition or ability to meet financial obligations,” even if that information is not contained in a “credit report.”

The trend in restricting credit report use for employment purposes will continue as several other states and the federal government are considering comparable legislation. Soon to follow most likely will be New Jersey. In May 31, 2012, the Senate approved S455 that would prohibit employers from seeking credit checks on employees or applicants under most circumstances. A parallel bill (A2840) was introduced by the Assembly on May 11, 2012, and a similar bill (A704) in December 2011.

|Employment Decisions, Legislation|

Highlights of ACFE’s 2012 report on occupational fraud

The Association of Certified Fraud Examiners (ACFE) recently released its Report to the Nations on Occupational Fraud and Abuse – 2012 Global Fraud Study. The ACFE states that the Report is based on data from 94 countries compiled from studies of 1,388 occupational fraud cases that occurred between January 2010 and December 2011, and were investigated by certified fraud examiners. The ACFE conducts global occupational fraud studies every two years. According to the Report, a typical organization loses 5% of its revenues to fraud each year, which translates to more than $3.5 trillion if applied to the estimated 2011 Gross World Product. As in its prior studies, the Report shows that the industries most commonly affected by occupational fraud are banking and financial services, government and public administration, and manufacturing. Small organizations suffered the largest median losses. The Report indicates that asset misappropriation continued to be the most frequently committed fraud, yet least costly, with a median loss of $120,000, while financial statement fraud remained the least frequent but the most costly, with a median loss of $1,000,000. Below are the Report’s findings about the fraud perpetrators:

Perpetrators with higher authority levels tend to cause much larger losses. The median loss among frauds committed by owner/executive was $573,000, by managers it was $180,000, and by employees, $60,000.
Vast majority (77%) of all frauds were committed by individuals working in one of six departments: accounting, operations, sales, executive/upper management, customer service or purchasing.
In 81% of cases, the fraudster displayed one or more behavioral red flags that are often associated with fraudulent conduct: living beyond means (36%), financial difficulties (27%), close association with vendors or customers (19%) and excessive control issues (18%).
Approximately 87% of the fraudsters had never been charged or convicted of a fraud-related crime, and 84% had never been punished or terminated for fraud-related conduct.

The Report further notes that the most frequent method of detection continued to be by tip, which occurred in 43.3% of the cases, followed by management review and then by internal audit detection. For entities with fraud hotlines, the likelihood that the fraud would be found by tip was 50.1% whereas for entities without a fraud hotline, that likelihood decreased to 35%, according to the Report. Overall, the median duration of a fraud before being discovered remained consistent with the ACFE’s 2010 study, at 18 months. Nearly half of victim organizations do not recover any losses suffered from a fraud.

The Report confirms that the nature and threat of occupational fraud is universal. Though its research noted some regional differences in the methods used to commit fraud – as well as organizational approaches to preventing and detecting it – many trends and characteristics are similar regardless of where the fraud occurred. The Report recommends that management should continually assess the organization’s specific risks and establish or revise compliance and fraud prevention programs accordingly.

|Criminal Activity, Fraud|

What’s the practical meaning of EEOC’s new criminal records guidance?

On April 25, 2012, the U.S. Equal Employment Opportunity Commission (“EEOC”) approved new enforcement guidance regarding the use of arrest and conviction records in employment decisions. The guidance builds on longstanding court decisions and requirements that the EEOC issued over twenty years ago, focusing on employment discrimination based on race and national origin.

In brief, the new guidance’s position is more aggressive, affirming that employers cannot automatically disqualify applicants with criminal records, and that their screening policies need to be consistent and structured for “individual assessment.” The guidance’s main points state that:

An arrest record does not establish that criminal conduct has occurred, and an exclusion based on an arrest, in itself, is not job related and consistent with a business necessity. However, an employer may make an employment decision based on the conduct underlying an arrest if such conduct makes the individual unfit for the particular position.
A conviction record will usually serve as sufficient evidence that a person engaged in a particular conduct. In certain circumstances, however, there may be reasons not to rely on the conviction record alone when making an employment decision.
A violation may occur when an employer treats criminal history information disparately for different applicants or employees, based on their race or national origin (disparate treatment liability). An employer’s neutral policy (e.g., excluding applicants from employment based on certain criminal conduct) also may disproportionately impact protected-class individuals and may violate the law if not job related and consistent with a business necessity (disparate impact liability)

The EEOC specifies two circumstances in which employers will meet the “job related and consistent with a business necessity” defense:

The employer validates the criminal conduct exclusion for the particular position under the Uniform Guidelines on Employee Selection Procedures (i.e., if there is data or analysis about criminal conduct as being related to subsequent work performance or conduct;) or
The employer develops a targeted screen considering at a minimum the nature of the crime, the time elapsed, and the particular job. The employer’s policy then provides an opportunity for an individualized assessment for those individuals identified by the screen to determine if the policy, as applied, is job related and consistent with a business necessity.

The guidance further asserts that although Title VII does not require individualized assessment in all circumstances, the use of a screen that does not include such assessment is more likely to violate its provisions. As an example of individualized assessment process, the EEOC recommends providing the applicants an opportunity to explain why they should not be denied a position due to the criminal record. The guidance also specifies the following factors that employers should assess:

Facts or circumstances surrounding the offense or conduct;
Number of charges of which the individual was convicted;
Older age at the time of conviction, or release from prison;
Evidence that the individual performed the same type of work, post-conviction, with the same or different employer, with no known incidents of criminal conduct;
Length and consistency of employment before and after the offense or conduct;
Rehabilitation efforts, e.g., education/training;
Employment or character references and any other information regarding fitness for the particular position; and
Whether the individual is bonded under a federal, state, or local bonding program.

The guidance recognizes that some employers are subject to federal statutory and/or regulatory requirements that prohibit them from hiring individuals with criminal records for certain positions. The EEOC notes that its new guidance does not preempt such federal guidelines, and explains that employers may be subject to a claim under Title VII if they scrutinize individuals to a higher degree than required under applicable federal requirements.

As in its previous version, the EEOC’s new guidance is not meant to be a deterrent to conducting background checks. But it should serve as a reminder that hiring policies and practices must be structured in compliance with the law.

|Employment Decisions|

Agencies jointly support that FCRA Section 1681c does not violate first amendment

On May 3, 2012, the Federal Trade Commission (FTC) joined the Department of Justice (DOJ) and the Consumer Financial Protection Bureau (CFPB) in filing a memorandum brief in support of the constitutionality of the Fair Credit Reporting Act (FCRA), established in 1970 to protect credit report information privacy and to ensure that the information supplied by consumer reporting agencies (CRAs) is as accurate as possible.

In the case of Shamara T. King vs. General Information Services, Inc. (GIS), the CRAs address a provision of the FCRA that balances the Act’s dual purposes, i.e., to protect consumers from privacy invasions caused by the disclosure of sensitive information and to ensure a sufficient flow of information to allow the CRAs to fulfill their vital role.) The provision, Section 1681c, bars CRAs from disclosing arrest records or other adverse information that is more than seven years old, in most cases.

The agencies brief refutes GIS’s argument that this FCRA protection is an unconstitutional restriction of free speech, pointing out that the recent U.S. Supreme Court case law that GIS cites to support its argument, Sorrell v. IMS Health Inc., “does not change the settled First Amendment standards that apply to commercial speech, nor does it suggest that restrictions on the dissemination of data for commercial purposes

[such as those by CRAs] must satisfy stricter standards.” Therefore, the brief concludes, the court should not invalidate the FCRA provision, as it “directly advances the government’s substantial interest in protecting individuals’ privacy” while also accommodating the interest of businesses. The case is pending.

|Judgment|

Whistleblower activity for SEC violations on the rise

The U.S. Senate reports that more than half of all uncovered frauds have originated from whistleblower tips. Since the SEC’s Office of the Whistleblower was launched in August 2011, officials have been dealing with close to 100 tips per day. And this number is expected to double in the coming years with Dodd-Frank’s provisions for monetary incentives and protection from retaliation.

While coming to grips with the complexities of Dodd-Frank, many companies and financial institutions are heightening their efforts to mitigate the potential liability from whistleblowing. Developing and evaluating existing risk management and compliance programs is now a priority. The programs established under the 2002 Sarbanes-Oxley Act may not be effective in this new regulatory environment, and may need to be modified or strengthened, with an emphasis on internal communications and investigations of possible violations. When determining if and how much leniency to grant an entity, the SEC notes that “the promptness with which entities voluntarily self-report their misconduct…is an important factor.”

According to a recent study published by the Association of Certified Fraud Examiners and the Institute of Internal Auditors, fraudulent acts by employees and outsiders rise during periods of economic stress. Crime experts say that fraud and other misconduct are committed primarily because of three factors, referred to as the Fraud Triangle, and involve financial pressure, opportunity, and rationalization. In these still challenging times, businesses of all types and sizes need to tighten their internal controls and be proactive in preventing wrongful acts. Allocating budgets for compliance programs which include compelling due diligence with a focus on background investigations, will provide a high return on the investment and ultimately protect the bottom line.

|Dodd-Frank, Violations|

The White House casts “Consumer Privacy Bill of Rights”

Over two years in the making, and backed by online ad powerhouses such as AOL, Microsoft, Yahoo, and even Google, the Bill of Rights announcement on February 22, 2012 pulls together consumer privacy initiatives of both the Federal Trade Commission (FTC) and the Commerce department. Intended to lead to new legislation that fills the gaps of current U.S. privacy laws, the bill promotes a set of standards for the fair handling of private information based on a set of principles that date back to the early 1970s known as the Fair Information Practices.

The Consumer Privacy Bill of Rights applies to personal information, which means any data, including aggregations of data that is identifiable to a specific individual, and to a specific computer or other device. According to the Administration, this bill will establish codes of conduct and call for strong enforcement, ultimately increasing interoperability between the U.S. consumer data privacy framework and that of its international partners. Below are the bill’s highlights.

Individual control. Consumers have a right to exercise control over what personal data companies collect from them and how they use it.
Transparency. Consumers have a right to easily understandable and accessible information about privacy and security practices.
Respect for context. Consumers have a right to expect that companies will collect, use, and disclose personal data in ways that are consistent with the context in which consumers provide the data.
Security. Consumers have a right to a secure and responsible handling of personal data.
Access and accuracy. Consumers have a right to access and correct personal data in usable formats, in a manner that is appropriate to the sensitivity of the data and the risk of adverse consequences to consumers if the data is inaccurate.
Focused collection. Consumers have a right to reasonable limits on the personal data that companies collect and retain.
Accountability. Consumers have a right to have personal data handled by companies with appropriate measures in place to ensure that they adhere to the Consumer Privacy Bill of Rights.

|Legislation|

Identity theft again tops FTC’s top complaints list for 2011

Identity theft again tops FTC’s top complaints list for 2011

The Federal Trade Commission (FTC) on February 27, 2012 released its list of top consumer complaints received by the agency in 2011. For the twelfth year in a row, identity theft topped the list at 279,156 complaints or 15%. The breakdown for the next nine complaint categories (from a list of 30) is as follows:

Category	Number	Percentage
Debt collection	180,928	10
Prizes, sweepstakes, and lotteries	100,208	6
Shop-at-home and catalog sales	98,306	5
Banks and lenders	89,341	5
Internet services	81,805	5
Automobile-related	77,435	4
Imposter scams	73,281	4
Telephone and mobile services	70,024	4
Advance-fee loans and credit protection/repair	47,414	3

The FTC records the complaints in its Consumer Sentinel, a secure, online database available to more than 2,000 civil and criminal law enforcement agencies in the U.S. and abroad. Other federal and state law enforcement including the U.S. Postal Inspection Service, the Department of Justice’s Internet Crime Complaint Center, and the attorneys general offices of Idaho, Michigan, Mississippi, North Carolina, Ohio, Oregon, Tennessee, and Washington also contribute to the database content, along with private-sector organizations such as U.S. and Canadian members of the Better Business Bureau, Western Union and Moneygram, and the Lawyers Committee for Civil Rights Under Law.

|Criminal Activity, Educational Series|

CFPB proposal would put larger debt collectors and credit reporting agencies under the same supervision process as banks

The Consumer Financial Protection Bureau (CFPB) on February 16, 2011 announced a
proposed rule to include debt collectors and consumer reporting agencies under its nonbank
supervision program.

Created by the Dodd-Frank Wall Street Reform and Consumer Protection Act, the CFPB is
authorized to supervise nonbanks in the specific markets of residential mortgage, payday
lending, and private education lending. For other nonbank markets of consumer financial
products or services, the CFPB must define “larger participants” by rule, which is due on
July 21, 2012.

Three types of debt collection agencies dominate the market: firms that collect debt owned
by another company for a fee, firms that buy debt and collect the proceeds for themselves,
and attorneys and law firms that collect debt through litigation. A single company may be
collecting through any or all of these activities. Under the proposed rule, debt collectors
with more than $10 million in annual receipts from collection activities would be subject to
supervision. The CFPB estimates that the proposed rule would cover approximately 175 debt
collection firms (or 4% of debt collection firms) which account for 63% of annual receipts
from the debt collection market.

The CFPB’s proposal also takes aim at the largest credit bureaus selling comprehensive
consumer reports, consumer report resellers, and specialty consumer reporting agencies.
Defined as companies that make more than $7 million annually from their consumer
business, the rule would affect 30 companies, and firms like Experian, TransUnion and
Equifax, that account for 94% of the industry’s business.

This is the CFPB’s first in a series of rulemakings to define larger participants. The CFPB
chose annual receipts as the criterion for both debt collection and consumer reporting
because it approximates participation in these two markets.

The proposed rule is open for comment for 60 days after the rule is published in the Federal
Register.

|Dodd-Frank|

Mobile apps may violate Fair Credit Reporting Act

On February 6, 2012, the Federal Trade Commission (FTC) issued warning letters to the marketers of six mobile applications that provide background screening apps that they may be violating the Fair Credit Reporting Act (FCRA.) The FTC said that if the background reports are being used for employment or other FCRA purposes, then the marketers and their clients must comply with the FCRA.

According to the warning letters, the FTC has not made a determination whether the companies indeed are violating the FCRA, but encourages them to review their apps, and their related policies and procedures. The FCRA is designed to protect the privacy of consumer report information and ensure that the information provided by consumer reporting agencies is accurate. Consumer reports are communications that include information about an individual’s character, reputation, or personal characteristics, and are used or expected to be used for purposes such as employment, housing or credit.

Under the FCRA, entities/operations that assemble or evaluate information to provide to third parties qualify as consumer reporting agencies (CRAs.) Mobile apps that supply such information also may qualify as CRAs under the Act. CRAs must take reasonable measures to ensure the user of each report has a ‘permissible purpose’ to use the report, take reasonable steps to ensure the maximum possible accuracy of the information conveyed in the report, and provide users of its reports with information about their obligations under the FCRA. In employment-purpose consumer reports, for example, CRAs must provide employers with information regarding their obligation to give notice to employees and applicants of any adverse action taken on the basis of a consumer report.

|Judgment|

SI case study: “A career in fraud”

A prospective client investigation was ordered on a company and its president, but the preliminary information was enough to reject this individual or any company under his control from the proposed business engagement. Initial court searches uncovered a 2003 criminal misdemeanor conviction for possession of a false identification to be used to defraud. The index did not provide much information and the file was destroyed by the court, so SI’s analyst turned to media sources to dig deeper. Sure enough, one article referenced guilty pleas entered by the subject and his business partner for hiring imposters to take the Series 7 securities brokers’ examination for them. Each was sentenced to a year of probation and fined $5,000. Articles from 2004 reported three civil cases for fraud in jurisdictions where the subject appeared to have no residential history. Follow-up research found that judgments in these lawsuits totaled more than $4.6 million. Several articles also linked the subject to a con artist who had admitted to defrauding ethnic organizations and individuals of $80 million during the late 1990s. And in 2007, the FDIC had executed a settlement agreement with the subject and (the same) business partner after they allegedly failed to seek FDIC approval before making an investment in an unregistered bank holding company. On the whole, this company president had been engaged in fraudulent activities for over a decade and no legal or regulatory action appeared to stop his mode of operation.

|Fraud|

Previous 434445 Next