Compliance Built Into Every Background Check
Stay compliant with FCRA, GDPR, EEOC, and state laws without the complexity. Automated consent, adverse action workflows, audit trails, and compliance documentation — all included.
Why Compliance Matters
Background check violations carry serious penalties. We help you avoid them.
Legal Liability
FCRA violations can result in statutory damages of $100-$1,000 per violation, plus punitive damages and attorney fees in class actions.
Financial Risk
FCRA class action settlements routinely reach tens of millions of dollars. Even small violations can become expensive at scale.
Reputation Damage
Non-compliance can damage your brand and make it harder to attract talent, especially in competitive markets.
📊 The Cost of Non-Compliance
In 2023 alone, FCRA class action settlements exceeded $100 million. Common violations include improper disclosures, missing adverse action notices, and using reports without proper authorization. Our compliance tools help you avoid these costly mistakes.
Compliance Tools Included
Everything you need to screen compliantly, built into the platform.
Consent Management
FCRA-compliant disclosure and authorization forms with electronic signature capture.
- ✓Standalone disclosure (FCRA required)
- ✓Electronic authorization
- ✓E-signature with timestamps
- ✓State-specific addenda
- ✓Multi-language support
Adverse Action Workflow
Automated pre-adverse and final adverse action notices with proper timing and documentation.
- ✓Pre-adverse notice generation
- ✓Waiting period tracking
- ✓Final adverse notice
- ✓Summary of rights included
- ✓Delivery tracking
Audit Trails
Complete documentation of every action for compliance audits and legal defense.
- ✓Timestamped activity logs
- ✓User action tracking
- ✓Document retention
- ✓Exportable records
- ✓7-year retention
State Law Compliance
Automatic application of state-specific requirements including ban-the-box and salary history bans.
- ✓Ban-the-box compliance
- ✓State disclosure addenda
- ✓Waiting period rules
- ✓Record lookback limits
- ✓Automatic updates
EEOC Guidance
Tools to support individualized assessment and reduce disparate impact risk.
- ✓Individualized assessment forms
- ✓Nature-time-nature framework
- ✓Job-relatedness documentation
- ✓Candidate response tracking
- ✓Decision documentation
Data Security
Enterprise-grade security to protect sensitive candidate information.
- ✓SOC 2 Type II certified
- ✓TLS 1.3 encryption
- ✓AES-256 at rest
- ✓Access controls
- ✓Data retention policies
FCRA Compliance
The Fair Credit Reporting Act governs employment background checks in the US.
📋 What FCRA Requires
The FCRA sets specific requirements for employers using consumer reports for employment purposes:
- ✓Standalone disclosure — Clear, written notice to the candidate
- ✓Written authorization — Candidate’s signed consent
- ✓Permissible purpose — Legitimate employment reason
- ✓Pre-adverse action — Notice before taking action
- ✓Waiting period — Reasonable time to respond (typically 5 days)
- ✓Final adverse action — Notice with rights summary
✅ How We Help
Our platform automates FCRA compliance so you don’t have to manage it manually:
- ✓Compliant forms — Lawyer-reviewed disclosure and authorization
- ✓E-signature capture — Legally valid electronic consent
- ✓Automated notices — Pre-adverse and final adverse action
- ✓Waiting period tracking — System enforces timing
- ✓Rights summary — Automatically included
- ✓Audit trail — Complete documentation
⚠️ Common FCRA Violations to Avoid
- ❌Combined disclosure — Mixing disclosure with other documents
- ❌Missing authorization — Running checks without signed consent
- ❌Skipping pre-adverse — Going straight to rejection
- ❌No waiting period — Not giving candidate time to respond
- ❌Missing rights summary — Not including “Summary of Your Rights”
Our platform prevents these violations automatically.
State & Local Law Compliance
Beyond FCRA, many states and cities have additional requirements.
🚫 Ban-the-Box
Many states prohibit asking about criminal history on initial job applications.
- ✓37 states + DC
- ✓150+ cities/counties
- ✓Timing restrictions
- ✓Automatic compliance
📅 Lookback Limits
Some states limit how far back criminal records can be reported.
- ✓7-year limits (CA, NY, etc.)
- ✓Conviction-only states
- ✓Salary thresholds
- ✓Automatic filtering
📝 State Disclosures
Several states require additional disclosures beyond federal FCRA.
- ✓California (ICRAA)
- ✓New York (Article 23-A)
- ✓Washington state
- ✓Auto-included addenda
🗺️ State Law Updates
State and local background check laws change frequently. Our compliance team monitors changes and updates our platform automatically so you don’t have to track legislation yourself.
GDPR & International Compliance
Screen internationally while respecting data protection laws.
🇪🇺 GDPR Compliance
The General Data Protection Regulation applies to EU candidates and companies.
- ✓Lawful basis — Consent or legitimate interest
- ✓Data minimization — Only collect what’s needed
- ✓Right to access — Candidates can request their data
- ✓Right to erasure — “Right to be forgotten”
- ✓Data transfer — Standard contractual clauses
- ✓Breach notification — 72-hour reporting
🌍 Global Coverage
We support compliant background checks in 200+ countries.
- ✓Local data sources — In-country records
- ✓Local language — Native consent forms
- ✓Privacy compliance — GDPR, PDPA, LGPD, etc.
- ✓Cross-border transfers — Proper safeguards
- ✓Country-specific rules — Local requirements
- ✓Right-to-work — Employment eligibility
GDPR
European Union data protection
UK GDPR
United Kingdom post-Brexit
LGPD
Brazil data protection
PIPEDA
Canadian privacy law
Adverse Action Workflow
Step-by-step compliance when you decide not to hire based on background check results.
Pre-Adverse Notice
Send the candidate a copy of their report, “Summary of Your Rights,” and notice that you’re considering not hiring them.
Waiting Period
Give the candidate reasonable time (typically 5 business days) to review and dispute any inaccuracies.
Final Adverse Notice
If you proceed with the decision, send final notice with CRA contact info, dispute rights, and free report offer.
🤖 Automated Adverse Action
Our platform automates the entire adverse action process. Click one button to send pre-adverse, the system tracks the waiting period, and prompts you when it’s time for the final notice. All notices, delivery timestamps, and candidate responses are documented automatically.
EEOC Guidance
Reduce disparate impact risk with individualized assessment.
📋 Individualized Assessment
EEOC recommends considering these factors before making adverse decisions based on criminal history:
- ✓Nature of the offense — Type and severity
- ✓Time elapsed — How long ago
- ✓Nature of the job — Relevance to position
- ✓Evidence of rehabilitation — What’s changed
- ✓Candidate’s explanation — Their perspective
✅ How We Support This
Our platform includes tools to document and support individualized assessment:
- ✓Assessment forms — Structured evaluation
- ✓Candidate response portal — Collect explanations
- ✓Decision documentation — Record reasoning
- ✓Audit trail — Defensible process
- ✓Consistency tracking — Uniform treatment
Industry-Specific Compliance
Some industries have additional screening requirements.
🏥 Healthcare
CMS, state health department, and facility-specific requirements.
- ✓OIG/GSA exclusion lists
- ✓State exclusion lists
- ✓License verification
- ✓FBI fingerprinting support
🏦 Financial Services
FINRA, SEC, OCC, and state banking requirements.
- ✓FINRA rule 3110
- ✓Section 19 compliance
- ✓Credit checks
- ✓Sanctions screening
🚚 Transportation
DOT and FMCSA requirements for drivers and safety-sensitive roles.
- ✓49 CFR Part 40 drug testing
- ✓FMCSA Clearinghouse
- ✓MVR checks
- ✓PSP reports
Compliance Resources
Guides, templates, and documentation to support your compliance program.
Security & Certifications
Enterprise-grade security to protect sensitive data.
SOC 2 Type II
Audited security controls for data protection.
Encryption
TLS 1.3 in transit, AES-256 at rest.
PBSA Accredited
Professional Background Screening Association member.
Registered CRA
Compliant Consumer Reporting Agency.
Compliance FAQs
Common questions about background check compliance.
What is the FCRA and does it apply to me?
The Fair Credit Reporting Act (FCRA) is a federal law that regulates consumer reports, including background checks used for employment. If you use a third-party background check company (like us) to screen candidates or employees in the US, FCRA applies to you.
What is adverse action and when do I need to follow it?
Adverse action is the process you must follow when you decide not to hire (or to fire, demote, etc.) someone based on information in their background check. It requires a pre-adverse notice, waiting period, and final adverse notice with specific required content.
What is ban-the-box and how does it affect me?
Ban-the-box laws prohibit asking about criminal history on initial job applications. 37 states and 150+ cities have these laws. Our platform automatically applies the correct rules based on the candidate’s location.
Do I need GDPR compliance for US candidates?
Generally no — GDPR applies to EU residents and companies operating in the EU. However, if you have EU candidates, EU employees, or do business in the EU, GDPR may apply. Our platform supports both FCRA and GDPR compliance.
How long should I keep background check records?
Best practice is to retain records for at least 5-7 years to defend against potential claims. EEOC recommends keeping records for at least one year after the decision. Our platform retains records for 7 years by default.
Can I use criminal records to automatically disqualify candidates?
Generally no. EEOC guidance recommends individualized assessment considering the nature of the offense, time elapsed, and relevance to the job. Blanket exclusions may create disparate impact liability.
Ready to Automate Compliance?
Get peace of mind with compliance-first background checks. Automated consent, adverse action, audit trails, and documentation — all built into every screening.
Start Compliant ScreeningFCRA compliant • GDPR ready • State laws covered
