Company Name:
Effective Date:
Policy Owner:
Approved By:
Background Check Vendor:
1.1 This policy establishes the Organization's mandatory requirements and procedures for conducting pre-employment background checks on all prospective employees and, where applicable, periodic background checks on existing employees in designated sensitive roles. The purpose of this policy is to protect the Organization, its employees, clients, intellectual property, and stakeholders by verifying the accuracy of information provided by candidates, identifying potential risks that could compromise workplace safety or organizational integrity, ensuring compliance with applicable regulatory and contractual requirements, and maintaining the trust and confidence of clients, partners, and regulatory authorities. This policy applies to all candidates who receive a conditional offer of employment, regardless of the position level, employment type, or geographic location.
1.2 All background checks shall be conducted in strict compliance with applicable federal, state, and local laws, including but not limited to the Fair Credit Reporting Act (FCRA), applicable state consumer reporting laws, ban-the-box and fair chance hiring legislation, the Americans with Disabilities Act (ADA), Title VII of the Civil Rights Act, and any applicable data privacy regulations such as GDPR for candidates in the European Union. The Organization shall ensure that background check processes do not produce unlawful disparate impact on candidates based on race, color, national origin, sex, religion, disability, genetic information, or any other protected characteristic. The HR department shall maintain a current inventory of jurisdictional requirements and shall consult with Legal Counsel whenever the Organization conducts checks in new jurisdictions or when material legislative changes take effect.
1.3 The HR department shall serve as the sole administrator and authorising authority for all background checks conducted under this policy. All checks shall be performed by the Organization's approved third-party consumer reporting agency, which has been vetted for FCRA compliance, data security standards, and accuracy of reporting. No Hiring Manager, department head, recruiter, or other employee shall independently conduct, commission, or request background checks on candidates or employees outside the processes defined in this policy. Informal background checks, including personal internet searches, social media screening, or contacting the candidate's references or former employers outside the standardised reference check process, are prohibited unless conducted by the HR department using approved, documented, and legally compliant procedures.
2.1 The Organization shall conduct a standard background check package for all positions, comprising four core components. First, identity verification shall confirm the candidate's legal name, date of birth, and government-issued identification number against official databases. Second, employment history verification shall confirm job titles, dates of employment, and reasons for leaving for all positions held within the preceding 7 years, or the preceding 3 positions, whichever covers the longer period. Third, educational credential verification shall confirm the highest degree claimed by the candidate, including the institution name, degree type, field of study, and date of conferral. Fourth, a criminal record check shall include a national criminal database search, a county-level court records search for all counties of residence within the preceding 7 years, and a national sex offender registry search. All standard checks shall be completed within 10 business days of the candidate's authorisation.
2.2 Enhanced background check packages shall be required for positions that involve financial authority or fiduciary responsibility, access to confidential client or patient data, regulatory licensing requirements, access to classified or sensitive government information, or positions at the director level and above. In addition to the standard check components, enhanced checks shall include a consumer credit report review assessing payment history, outstanding debts, judgments, and bankruptcies; verification of professional licences, certifications, and regulatory registrations required for the role; screening against global sanctions lists including OFAC, EU sanctions, and UN sanctions databases; and, where applicable to the role and legally permissible, a drug screening conducted by a certified laboratory. Enhanced checks shall be completed within 15 business days of the candidate's authorisation.
2.3 The Organization shall conduct motor vehicle record (MVR) checks for all positions that require driving a company vehicle, operating heavy equipment, or regular driving as a material duty of the role. The MVR check shall verify that the candidate holds a valid driver's licence of the appropriate class for the vehicles they will operate and shall review the candidate's driving history for the preceding 3 years. Candidates with any of the following on their driving record within the preceding 3 years shall be disqualified from positions requiring driving: driving under the influence or impaired driving convictions, reckless driving convictions, licence suspensions or revocations, or three or more moving violations. The HR department shall reassess MVR records for employees in driving-designated positions annually. Employees who acquire disqualifying violations during employment shall notify the HR department within 5 business days.
2.4 For positions that involve direct contact with or responsibility for vulnerable populations, including children, elderly persons, or individuals with disabilities, the Organization shall conduct additional background check components as required by applicable federal and state law. These additional checks shall include a child abuse and neglect registry search in all states where the candidate has resided within the preceding 5 years, an adult abuse registry search where applicable, fingerprint-based criminal history checks through the FBI and state repositories where mandated by licensing or regulatory requirements, and verification of any mandatory professional certifications related to the care of vulnerable populations. These checks shall be completed before the candidate commences any duties involving contact with vulnerable populations, with no exceptions or provisional start dates permitted.
3.1 The Organization shall obtain written, informed authorisation from the candidate before initiating any background check, in compliance with the Fair Credit Reporting Act and applicable state laws. The authorisation shall be obtained through a standalone disclosure and consent form that is not embedded within or attached to the employment application. The disclosure form shall clearly and conspicuously describe the types of background checks that will be conducted, identify the third-party consumer reporting agency that will perform the checks, inform the candidate of their right to request a copy of the report, inform the candidate of their right to dispute inaccurate or incomplete information, and provide a summary of the candidate's rights under the FCRA. The candidate's signature on the authorisation form shall constitute consent for both pre-employment checks and, where applicable, periodic checks during employment for designated sensitive roles.
3.2 Where a background check reveals adverse information that may affect the Organization's hiring decision, the HR department shall follow the pre-adverse and adverse action procedures mandated by the FCRA. In the pre-adverse action stage, the candidate shall be provided with a copy of the consumer report, a written summary of the candidate's rights under the FCRA, and a pre-adverse action notice stating that the Organization is considering taking adverse action based on the report findings. The candidate shall be afforded a minimum of 5 business days from the date of the pre-adverse action notice to review the report and submit any dispute, correction, or explanation before a final decision is made. If the Organization proceeds with adverse action after the waiting period, a final adverse action notice shall be sent to the candidate specifying the basis for the decision, the name and contact information of the consumer reporting agency, and a statement that the agency did not make the adverse decision and cannot explain why it was made.
3.3 The Organization shall not automatically disqualify a candidate or withdraw a conditional offer solely on the basis of a criminal record. In accordance with EEOC guidance and applicable ban-the-box and fair chance hiring legislation, the HR department shall conduct an individualised assessment for each candidate with a criminal history, considering the nature and gravity of the offence or conduct, the time that has elapsed since the offence, conviction, or completion of the sentence, the nature of the position sought and its relationship to the offence, evidence of rehabilitation and good conduct since the offence, and any other mitigating circumstances presented by the candidate. The individualised assessment shall be documented in writing by the HR department and reviewed by Legal Counsel before any adverse action is taken. The candidate shall be given the opportunity to present evidence of rehabilitation before a final determination is made.
4.1 All background check reports, consent forms, and related documentation shall be stored in a secure, access-controlled repository separate from the employee's general personnel file. Access shall be restricted to designated HR personnel with a legitimate need to know, and access logs shall be maintained and audited quarterly. Background check reports shall not be shared in their entirety with Hiring Managers, interview panel members, or any other non-HR personnel. The HR department shall communicate the outcome to the Hiring Manager as a pass/fail or conditional determination, accompanied by any role-relevant considerations that require discussion, without disclosing specific report details such as credit scores, criminal charge details, or medical information. All electronic transmissions of background check data shall be encrypted using industry-standard encryption protocols.
4.2 Background check records, including consent forms, reports, correspondence, individualised assessment documentation, and adverse action notices, shall be retained for a minimum of 5 years from the date of the hiring decision, or for such longer period as may be required by applicable federal, state, or local retention laws, contractual obligations, or regulatory requirements. Records relating to candidates who were the subject of a dispute, complaint, or legal proceeding shall be retained until the matter is fully resolved and any applicable statute of limitations has expired, plus an additional 2 years. Upon expiration of the retention period, records shall be securely destroyed in accordance with the Organization's records retention and destruction policy, using cross-cut shredding for physical documents and certified data wiping or destruction for electronic records. The HR department shall maintain a destruction log documenting the date, method, and authorisation for each batch of records destroyed.
4.3 The Organization's approved third-party consumer reporting agency shall be contractually required to maintain SOC 2 Type II certification, FCRA compliance, and data security and privacy standards equivalent to or exceeding the Organization's own information security requirements. The service agreement with the screening provider shall include clauses addressing data ownership and return or destruction of data upon contract termination, breach notification obligations with a maximum notification window of 48 hours, prohibition on sub-processing candidate data without prior written consent, annual compliance audits with results shared with the Organization, professional liability and errors and omissions insurance with minimum coverage of $5 million, and defined service level agreements including accuracy rates, turnaround times, and dispute resolution procedures. The HR department shall conduct a formal vendor performance review at least annually and shall re-tender the screening services contract at least every 3 years.
5.1 Employees occupying designated sensitive roles, as defined by the Organization's role classification matrix, shall be subject to periodic background re-checks at least once every 3 years, or more frequently where required by applicable regulation, client contract, or industry standard. Sensitive roles include positions with financial authority exceeding $50,000, access to personally identifiable information of more than 1,000 individuals, access to classified information, and positions requiring regulatory licensure. Employees shall be notified in writing at least 30 calendar days before the re-check is initiated, and written consent shall be re-obtained. The scope of periodic re-checks shall be determined by the HR department based on the role's risk classification and shall, at a minimum, include a criminal record update and verification of continued professional licensure where applicable. Adverse findings from periodic re-checks shall be managed through the same individualised assessment process applied to pre-employment checks.
5.2 Violations of this policy shall be treated as serious misconduct and shall result in disciplinary action proportionate to the nature and severity of the violation. Violations include, but are not limited to, conducting or commissioning background checks outside the processes defined in this policy, accessing background check reports or data without authorisation or legitimate business need, disclosing background check information to unauthorised individuals or third parties, failing to follow the required pre-adverse and adverse action procedures, using background check information in a discriminatory manner, and failing to report known or suspected violations to the HR department. Disciplinary consequences may include formal written warning, suspension from hiring activities, suspension from employment, or termination of employment. The HR department shall investigate alleged violations within 15 business days and shall consult with Legal Counsel on any matter that may involve regulatory non-compliance or legal exposure.
5.3 This policy shall be reviewed comprehensively at least once every 12 months by the policy owner in consultation with Legal Counsel, the Chief Information Security Officer, and the third-party screening provider to ensure continued compliance with evolving federal, state, and local background check legislation, FCRA amendments, EEOC guidance updates, and data privacy regulations. An interim review shall be triggered by any material change in applicable legislation, the Organization's expansion into new jurisdictions, adverse audit findings, or any legal proceeding arising from the Organization's background check practices. Proposed amendments shall be reviewed by Legal Counsel, approved by the Head of Human Resources and the Chief Executive Officer, and communicated to all affected employees and stakeholders at least 14 calendar days before the effective date. A version history log shall be maintained as an appendix to this policy.
A background check policy is a formal document that defines an organization's requirements, procedures, and legal obligations for conducting pre-employment background screening on prospective employees. It specifies which types of checks are required for different positions, how candidate consent is obtained, how adverse findings are handled, and how background check data is stored, accessed, and retained.
Background checks are a critical risk management tool. The Society for Human Resource Management reports that 95 percent of employers conduct some form of background screening on job candidates. The most common checks include criminal history searches, employment verification, education verification, and reference checks. For positions involving financial authority or sensitive data access, additional checks such as credit reports, professional licence verification, and sanctions screening are standard practice.
A formal background check policy ensures that screening is applied consistently across all candidates, that the process complies with the Fair Credit Reporting Act and applicable state consumer reporting laws, and that the organization's screening practices do not create unlawful disparate impact on candidates based on protected characteristics. Without a documented policy, organizations risk inconsistent application, FCRA violations, and discrimination claims.
Employment background checks are subject to a complex web of federal, state, and local regulations that vary significantly by jurisdiction. The Fair Credit Reporting Act (FCRA) is the primary federal law governing background checks conducted by third-party consumer reporting agencies. It requires employers to provide a standalone disclosure and obtain written consent before conducting a check, follow specific pre-adverse and adverse action procedures when a check reveals negative information, and provide candidates with a copy of the report and their rights before making an adverse decision.
Beyond the FCRA, employers must navigate state-specific background check laws, many of which impose additional requirements. Ban-the-box laws, now enacted in over 35 states and 150 municipalities, restrict when in the hiring process an employer can enquire about criminal history. Some states limit the lookback period for criminal records to 7 years, while others restrict the use of arrest records that did not result in convictions.
The EEOC has issued enforcement guidance stating that blanket policies excluding all candidates with criminal records may constitute unlawful discrimination under Title VII if they produce disparate impact on racial minorities. Employers must conduct individualised assessments considering the nature and gravity of the offence, the time elapsed, and the relevance to the position.
State consumer reporting laws in jurisdictions such as California, New York, and Illinois impose additional disclosure, consent, and adverse action requirements beyond the federal FCRA. A comprehensive background check policy must account for all jurisdictions where the organization hires.
A comprehensive background check policy defines different screening packages based on the risk profile of the position.
The standard check package, applied to all new hires, typically includes identity verification, employment history verification for the preceding 7 years, educational credential verification, and a criminal record search including national databases and county court records. These checks provide a baseline level of due diligence for every position.
The enhanced check package is applied to positions involving financial authority, access to sensitive data, regulatory licensing requirements, or leadership responsibilities. In addition to the standard components, enhanced checks may include consumer credit report review, professional licence and certification verification, global sanctions list screening, and drug testing where legally permissible and relevant to the role.
Specialised checks are required for certain position categories. Motor vehicle record checks are necessary for positions requiring regular driving. Positions involving contact with vulnerable populations may require child abuse and adult abuse registry searches and fingerprint-based criminal history checks. Government contract positions may require security clearance background investigations.
The policy should specify clear turnaround time expectations — typically 10 business days for standard packages and 15 business days for enhanced packages — and define the escalation process when checks take longer than expected.
Handling adverse findings from background checks is one of the most legally sensitive aspects of the hiring process, and a well-drafted policy provides clear procedures to protect both the organization and the candidate.
The FCRA mandates a two-step adverse action process. In the pre-adverse action step, the employer must provide the candidate with a copy of the consumer report, a written summary of the candidate's rights under the FCRA, and a notice that the employer is considering adverse action based on the report. The candidate must be given a reasonable period — typically 5 business days — to review the report and dispute any inaccurate information before the employer makes a final decision.
If the employer decides to proceed with adverse action after the waiting period, a final adverse action notice must be sent to the candidate. This notice must identify the consumer reporting agency, state that the agency did not make the adverse decision, and inform the candidate of their right to obtain a free copy of the report and to dispute its accuracy.
For criminal history findings, the EEOC requires an individualised assessment rather than automatic disqualification. The assessment must consider the nature and gravity of the offence, the time elapsed since the offence or completion of the sentence, and the nature of the job and its relationship to the offence. The candidate must be given the opportunity to present evidence of rehabilitation. Documenting this assessment is critical for defending the hiring decision if it is later challenged.