Knowing Your Employees is a vital tactic for mitigating risk at many organizations, yet too often it doesn't get the attention it deserves
Among risk management methods widely used across a multitude of organizations, Knowing Your Employees (KYE) is one that perhaps doesn’t get the attentions it is due. Yet, KYE is an important risk management task that should not be overlooked or delegated solely to the organization’s Human Resources department.
Many organizations recognize the importance of screening employees for potential risks before they are hired in order to shield an organization from significant losses due to errors in judgment, negligence, fraud, and misuse of company property. In our modern age of information, however, this initial background screening or even occasional screenings are just snapshots in time. It is essential for any organization to continually monitor employee profiles and to “know the knowable” so that timely and appropriate interventions may be taken if required.
Who is responsible for KYE in an organization?
In many organizations, the responsibility for KYE generally falls somewhere among the HR, risk management, and business continuity functions.
If you think about your individual business, who in your company is responsible for ensuring that none of the employees who normally enter customers’ homes have been recently charged with a violent offense? Or, who is responsible for making sure that the organization’s CEO or CFO who may be going through some financial difficulty doesn’t suddenly become compromised by an extortion attempt? These and many other examples, if realized, carry significant reputational, operational, and financial risks to the company or organization.
Clearly, forward-thinking and responsible organizations would be wise to create policies and procedures that prepare for a worst-case scenario while still hoping for the best possible outcome.
Preventing risk falls on risk management
A company’s risk management function is designed to shield it from dangers of all kinds, thus this team is best positioned within the company to oversee risk management related to employees. Putting thoughtful investments into prevention measures allows these teams to become even more effective and proactive in the prevention of potential disasters.
By actively monitoring and assessing employee risks, for example, risk management teams ensure that any changes in an employee’s behavior or personal information are identified quickly so that appropriate action can be taken.
Today, corporations have a responsibility to their fellow employees, their customers, the communities in which they operate, and all their stakeholders to be proactive and know about obvious red flags associated with their workers. Traditionally this has been a very difficult task to manage, as there is really no service that can help you know everything you should be aware of. However, companies that seek to remain competitive in the market must make this effort.
To that end, continuous evaluation of employees for real-time arrests, signs of financial distress, sanctions violations, and other indicators of risks have the tangible benefit of reducing business exposure to a workplace tragedy, policy violations, regulatory and compliance risks, fines, and major reputational damage caused by not intervening prior to a preventable incident.
Indeed, more than half of U.S. workers agree that their company management does not take adequate steps to keep them safe at work. This perception leads to decreased productivity, increased employee turnover, and weaker responses to employee incidents. And these insider threats can include such damaging actions as employee workplace violence, theft, fraud, cyber-intrusions, and corrupt business practices.
Further, according to the Association of Certified Fraud Examiners (ACFE), a typical insider fraud case lasts about 12 months, and 85% of occupational fraudsters displayed at least one behavioral red flag prior to their eventual detection.
Company management needs to be proactive to effectively mitigate these risks. By taking preventive measures before a situation spirals out of control, business leaders can mitigate or at least lower their company’s exposure to these risks.
Maintaining industry compliance
Risk management and compliance professionals are in agreement that most regulated industries have some duty to make sure that their employees meet strict standards set by regulators that include meeting licensing requirements, ensuring customer safety, and limiting access to sensitive information. As such, part of a risk manager’s job is to ensure that all employees meet industry standards and regulations.
Just as robust monitoring solutions and policies need to be a priority in a Know Your Customer program in order to mitigate risks posed by customers or clients, a solid continuous evaluation in a similarly robust KYE program is necessary to mitigate the “knowable” risks posed by the company’s own employees.
Ongoing employee evaluation comes with challenges of its own, of course — such as concerns around the Fair Credit Reporting Act and state employment privacy laws — however, proactive management can overcome these challenges with alert-based monitoring and the right policies in place.
Overall, strategic investment into a quality KYE program will allow an organization and its management to be proactive, protect their employees and customers, and mitigate potential disasters.