Blog

The British Standards Institution (BSI) has issued changes to the BS7858 which sets out requirements for companies carrying out background screening for employees in a secure environment.

BS7858:2019 came into effect at the end of September and replaced BS7858:2012, which was then withdrawn on 31 March 2020.

Full details can be found in the BSI Standards Publication which you can purchase from them here.

We have recently seen a lot of misinformation published about the changes. As we are certified NSI Gold for screening services, we wanted to help clear up the confusion.

We’ve already written about the inclusion of social media screening, but as Verifile remains committed to accurate data and meaningful relationships, we’ve looked at the top three elements of BS7858:2019 that will be important to you.

The main changes are:

• Removal of character references
• Inclusion of a global watchlists check
• Right to Work checks in line with DBS identity requirements (previously SIA identity requirements)
• Inclusion of social media checks as a recommended best practice
• Permission to passing on of a screening file from job to job.
• Retention of each candidate’s screening file:
  • For those unsuccessful in the process for 12 months
  • During the entire employment period
  • After cessation of employment, specified records held for additional seven years
• All people engaged in carrying out BS7858 screening should be trained for the duties envisaged

Of all the changes, there are three specific areas that we think are most important.

DBS checks:

There is absolutely no need to include standard DBS checks in BS7858 packages, as these checks are undertaken by the Security Industry Authority (SIA) when they first register the individual. Otherwise only a Basic DBS check is appropriate.

See 7.3.2 (c), and 7.7. (j) in the 7858 Standard, or refer to the SIA’s ‘Get Licensed’ handbook. Where an individual is employed in a position that is likely to bring them into contact with children or vulnerable adults, e.g. child and adult workforce, a standard or enhanced level of disclosure might be necessary.

Global watchlists:

7.4 (c) of the BS7858 Standard includes mandatory requirement to search various global watchlists, sanctions and fraud databases. Previously, the standard called for searching only HMG sanctions list. 

Social Media:

BSI are increasingly aware that what employees post on social media may create problems for businesses operating in secure and regulated environments. The updated standard now recommends you therefore carry our social media screening pre and post-employment.

The BSI say: “For some roles, it might be prudent to seek additional information using best practice social media and other open-source internet checks to provide greater insights and reduce risk.”

For more guidance on this, and some further best practice guidance on social media screening in relation to BS7858:2019, please see our previous blog.

Verifile’s BS7858 checks

Verifile provides packages that cover the requirements of the updated standard for those employed in SIA licenced/regulated roles, as well as those employed in a secure environment but not in such a licensed/regulated role. 

Our flexible approach enables us to cater for senior leadership roles and other risk factors and customise the packages for each of the scenarios your organisation face. Our increasing number of quick checks also allows for your business to access almost instant results, so you can get your candidates in their roles quickly, even on the same day.

As always, Verifile will seek to demystify the changes in updated legislation such as this. If you have any questions about how BS7858:2019 may affect your business and if you need to make any changes to your background screening requirements. Give us a call on:

Existing clients, call: +44 (0) 1234 339 350 or email: service@verifile.co.uk

New clients, call: +44 (0) 1234 60 80 90 or email: sales@verifile.co.uk
 

Temporary changes to enhanced checks to help emergency coronavirus recruitment

Verifile removing admin costs to support healthcare recruitment

In response to COVID-19, as of 30 March 2020, the Home Office and the Disclosure and Barring Service (DBS) are removing the costs of enhanced DBS checks.

They will also be fast-tracking the adults’ and children’s barred lists checks.
 

All the latest news about how COVID-19 is

affecting the background screening sector

However, this only applies to healthcare and social care workers being recruited in connection with the care and treatment of COVID-19 in England and Wales.

Verifile will also be joining the national effort to make its DBS checking service free-of-admin-charge too. Employers recruiting staff and volunteers to deal with the COVID-19 pandemic will receive a free service end-to-end. 

A full list of eligible roles within NHS health services, social care services or social services functions that will benefit from these changes can be found here.

Please note: Roles eligible for the free and fast-track emergency checks are different to those defined as ‘key workers’ for the purposes of childcare etc.

These temporary arrangements will provide employers with the option to appoint new recruits into regulated activity with adults and/or children, so long as the individuals are not barred.

Appropriate measures must also be put in place to manage the individual until the full DBS check is received.

Only apply for a free fast-tracked DBS check under this change if you really need to

The DBS have also asked people to be mindful of only using these services if the roles fall into the eligible categories.

In communicating the free and fast tracked checks, they said: “Misuse of this emergency fast track and free COVID-19 provision, will delay the urgent deployment of health and social care personnel and therefore undermine the national effort to fight Coronavirus.”

Before accessing this benefit, please read these key facts and prompts to help you make an informed decision before applying for a DBS check under these changes:

• 95% of all Enhanced with Barred List DBS checks return no information
• Only 0.02% of Enhanced with Barred List DBS checks state the person is on a barred list
• If the person you are looking to employ as part of these emergency measures has had an Enhanced with Barred List DBS check in the last three years, as long as it is for the same workforce (i.e. children and/or adults), consider whether you can use the recent check to determine suitability for the role applied for.
• If the person you are looking to employ as part of these emergency measures has an existing subscription to the Update Service using a DBS Enhanced with Barred List check, assess the suitability of the applicant using the original certificate and a check of the Update Service.

Please note: as a temporary measure where you are recruiting into paid employment you may consider accepting checks previously issued for volunteer roles.

To help you access these checks, please speak to your account manager or contact our Client Services Team by calling: +44 (0) 1234 339 350 or emailing service@verifile.co.uk.

These changes are further commitment to DBS Turnaround Times, which are being treated as a priority with the government. 

PM Boris Johnson said: "We are speeding up the DBS checks so they can be done in 24 hours and I want to thank and congratulate all the boroughs throughout this country for the way they are harnessing those volunteers.”

 

As of 9 December 2019, the Senior Managers and Certification Regime (SMCR) became applicable to almost all firms regulated by the Prudential Regulation Authority and the Financial Services Authority, demonstrating that individual accountability remains a key priority for regulators. Chris Brennan (partner) and Zeena Saleh (associate) of White & Case LLP outline the key changes and implications for us.

The global financial crisis spurred a flurry of regulatory activity – large cross-border investigations, record fines and a thirst for more individual accountability – giving further credence to the third law of regulation; for every market action, there is an equal and opposite regulatory reaction.

While regulators have long been successful at holding firms to account for wrongdoing, they have had much less success holding individuals to account. The view from the regulator was that the failure to discipline individuals is often caused by difficulties in attributing control failings to particular individuals, for example, because of collective decision-making.

SMCR was established following the recommendations of the Parliamentary Commission on Banking Standards. The regime seeks to reduce the pool of senior individuals directly approved by the regulators, while encouraging individuals to take greater responsibility for their own actions. It is also designed to make it easier for firms and regulators to hold particular individuals to account for a regulatory failure within a firm. It was first applied to banks from March 2016 and later applied to all dual-regulated firms from December 2018.

To further ensure (as far as possible) a consistent approach across the financial services industry, as of 9 December 2019, the regime was extended again to apply to the 47,000 solo-regulated firms. Firms will have one year (until 9 December 2020) to take certain steps required by the regime. So, what are the implications of this for soloregulated firms and what measures should firms be taking, if they have not done so already?

Key Changes

SMCR aims to “…encourage greater individual accountability and sets a new standard of personal conduct in financial services …” with a view to strengthening confidence in the financial services industry and ultimately reduce harm to consumers.

The extended regime applies to a vast and varied group of firms. The FCA has taken this into account proposing a proportionate and flexible approach to the application of the regime. This is demonstrated by the FCA’s categorisation of firms – limited, core or enhanced – with the regulations under SMCR applying to such firms accordingly.

This short article does not seek to set out all the changes brought about by SMCR. However, the key changes can be summarised into the following three categories:

1. Conduct Rules – – the Conduct Rules replace the Statements of Principle and Code of Practice for Approved Persons (APER) and applies to a broader group of employees.

2. Senior Managers Regime – Senior Management Functions (SMF) replace the previous Significant Influence Functions. Each senior manager must obtain pre-approval from the FCA prior to starting the role. The regime introduces prescribed responsibilities to be allocated to SMFs and the concept of a ‘Statement of Responsibilities’ for enhanced firms which should clearly articulate what that individual is responsible and ultimately accountable for.

3. Certification Regime – The Certification Regime applies to employees in positions where it is possible for them to cause significant harm to the firm, its customers and the market more generally. These individuals will not require pre-approval from the regulator before starting the role but must be certified as fit and proper by the firm.

Key Implications

While it is certainly hoped that, in practice, firms and their senior individuals were acting in a way that reflects the spirit of the new regime, SMCR still arguably constitutes a significant practical change – expanding its reach, placing more responsibility on firms and a greater emphasis on individual accountability. Some key implications include:

1. Conduct rules have a broader reach, applying to a larger pool of employees when compared to the previous APER regime. Firms will need to ensure that its employees are aware of the conduct rules as they apply to them.

2. SMCR has effectively reduced the number of SMFs requiring FCA approval and increased the number of employees that would fall within the certification regime. This places a greater onus on firms. While those holding a SMF will need to obtain the FCAs pre-approval before taking on the role, the burden of assessing a certified employee’s fitness and propriety is now on a firm. Although previously firms would always make an assessment of an individual’s fitness and propriety, the regulator would always have the final say. Firms are now required to reach their own decision on this issue and face the consequences if they get it wrong. Firms are also required to provide regulatory references to a new employer and, given the new employer’s degree of reliance on the reference, will need to carefully consider what information to include and the appropriateness or adequacy of such information.

3. In terms of individual accountability, it should be easier for regulators to identify who is responsible for any given issue within a firm. However, the assessment of whether an individual is culpable for a regulatory failing remains the same. While the new regime introduces some specific rules, any enforcement action is likely to focus on the question of whether the person took reasonable steps. While this is not always easy to demonstrate, it is a relatively low threshold. The problem is that although the FCA has to establish that the individual failed to take reasonable steps, the practical burden will always fall on the senior manager to demonstrate what they did to fulfil their regulatory obligations.

IS IT ENOUGH TO RIGHT PAST WRONGS?

The introduction of SMCR is a positive step for the industry in many ways. Establishing who is responsible for what within a firm, provides clarity for regulators, firms and individuals alike. However, in larger firms, the ability to attribute culpability for a control failing is unlikely to be as ‘black and white’ as it might appear on a Statement of Responsibilities. The regulator must be careful to avoid trying to create a culture of strict liability. The fact that an issue is said to be the responsibility of a particular individual, does not mean that individual has to take the blame. Life is never that simple – not even in politics.