FCRA Compliance Doesn’t Have To Be Scary Or Hard — Really!

Recent class action FCRA lawsuits against major companies like Whole Foods and Amazon strike fear in the HR and background screening communities. But that fear is (mostly) misplaced.

True, lawsuits around the FCRA (more formally known as the Fair Credit Reporting Act) have increased over the past few years. But this growth results mainly from the ease of litigation and from an almost inexplicable failure by large employers to adapt their background screening policies for compliance.

The truth is, despite the six-figure settlements that make it seem like a herculean task, FCRA compliance is easier than you think.

In fact, most class action lawsuits that allege FCRA violations result from one of two claims:

  • Noncompliant background check consent forms
  • Failure to follow the adverse action process

When beefing up your compliance measures (or reviewing your background screening vendor’s processes), focus on these two areas first.

Review Your Consent Forms

Many employers targeted in the lawsuits used background-check consent forms that didn’t fully comply with FCRA requirements. The good news is that these cautionary tales offer plenty of guidance to help us determine what is and isn’t compliant.

Make sure you follow these do’s and don’ts before running a background check:

1. Do obtain consent. An employment-related background check requires candidate consent. Don’t run a background check on an applicant unless you’ve received the candidate’s authorization to do so.

2. Don’t sandwich disclosure between information unrelated to the background check. The FCRA requires that background check consent forms, also referred to as disclosure and authorization, be provided in a clear and conspicuous stand-alone document. This means you can’t disclose information related to the background check in a document that contains information about other topics.

3. Don’t include a release of liability in your consent form. The mere presence of such a clause has given rise to many class action lawsuits. These clauses should be placed in another document, separate from the consent form.

4. Do use an entirely separate form to provide any state-required notices related to background checks. Recent litigation has alleged that including state-law notices within the background check consent form violates the FCRA. The reasoning is that state law notices don’t describe rights of consumers under federal law and are not related to the disclosure required by federal law.

If you use GoodHire as your background screening service, you can use one of our FCRA-compliant e-consent or PDF consent forms, or upload your own.

Follow The Adverse Action Process Carefully

If you decide not to hire, promote, or retain a candidate based on the contents of a background check, you must follow the FCRA-mandated adverse action process. The process is relatively simple, but employers keep getting it wrong. Don’t follow their lead! Follow the steps below to ensure compliance.

1. Provide a pre-adverse action notice. When the result of a background check leads you to believe you might end up taking unfavorable action against an applicant (such as not hiring or promoting), you must send the applicant a pre-adverse action notice. This is simply a letter informing the applicant that the background check results are under review and a decision is pending. You must include a copy of the background check and a Summary of Your Rights Under the Fair Credit Reporting Act along with the notice.

Remember, three things are required to ensure compliance with the Pre-Adverse Action step under the FCRA: a pre-adverse action notice, a copy of the background check, and a summary of rights under the FCRA.

2. Give the candidate time to respond. After sending the pre-adverse action notice, electronically or by mail, wait five business days before taking final action or communicating a final decision to the applicant. This waiting period gives the candidate time to challenge inaccuracies.

3. Notify the candidate of the final decision. After five business days have passed, you may make your final decision and send the candidate a post-adverse action notice. This notice should inform the applicant of the following:

  • That an adverse decision (such as not hiring or promoting) has been made
  • The name, address, and phone number of the consumer reporting agency (CRA) that provided the background check to the employer
  • A statement that the CRA did not make the hiring decision and cannot explain why adverse action was taken
  • A statement that the applicant has a right to obtain a free copy of the background check within 60 days of receiving the post-adverse action notice and that the consumer also has a right to dispute inaccurate or incomplete information contained in the background check.

4. Document the timing of these notifications. That way, you can prove compliance should you receive a complaint. If you email your notices, they will include timestamps, which are helpful. If you mail your notices, consider sending them by registered mail.

GoodHire offers templates you can use to make pre-adverse action and post-adverse action compliance easier.

FCRA Compliance Isn’t Hard, But It Pays To Stay Informed

FCRA compliance, while not difficult, does require vigilance. Plaintiffs’ attorneys are constantly looking for the next big claim that results in easy settlements. By monitoring legislative and judicial developments, you can proactively make changes to mitigate your risk and ensure compliance.

If you’re not part of an employment or HR trade organization, consider joining one. They often provide helpful bulletins and newsletters that summarize breaking developments in compliance. You might also want to sign up for alerts from your favorite search engine. Creating daily alerts based on combinations of keywords such as “FCRA,” “background checks,” “lawsuits,” and “compliance” will routinely deliver news to your inbox. These updates ensure you know what’s happening in the background screening industry and when, allowing you to adapt your compliance policies as necessary.

Finally, perform an audit of your consent forms and background screening policies twice a year to ensure you’re not using outdated, and therefore noncompliant, language or processes. Involving your corporate counsel or enlisting the assistance of an FCRA attorney will ensure your audits are efficient and comprehensive.

And, if you haven’t already, make sure to sign up for GoodHire’s newsletter, where we share timely FCRA developments with subscribers.

What are your most pressing questions related to FCRA compliance? Ask us @goodhiretweets #FairHiring #GoodHiring.

Elizabeth McLean

At GoodHire, Elizabeth McLean monitors all things FCRA and EEOC. That means she follows new legislation and court decisions and advises the company on processes that follow compliance best practices. Elizabeth earned an advanced FCRA certification from NAPBS in 2015.
