Conducting Background Checks with OSINT
Understanding the purpose of background checks
Background checks are fundamental when it comes to forming business relationships with new employees, clients, customers and partners.
In today’s fast-paced landscape, speed and efficiency are two key qualities that background checks must adhere to. That’s because delays in forming new partnerships can have monetary or reputational costs.
However, this must always be balanced with a proper evaluation of risk. This is especially true when dealing high-value and high-risk customers, or high-level prospective employees. Fundamentally, background checks exist to protect organisations from internal and external risk, so they must serve these functions.
Internal risk
It’s important to manage and mitigate internal threats effectively. As just one example, they’re responsible for a large proportion of business fraud. Let’s take a look at the statistics:
- Internal threat actors are responsible for 31% of fraud
- A further 26% is caused by collusion between internal and external threat actors
Additionally, it’s worth noting that 24% of the employees in these fraud cases work in higher management. For example, Swedbank’s CEO was charged for fraud relating to €37bn (£30bn) of transactions with a high risk of money laundering between 2014 and 2019.1
External risk
External threat actors aren’t always anonymous hackers or criminals. In fact, 68% of external threat actors are already in business’ network, including vendors, agents, service providers and customers.2
In particular, financial institutions should be aware of the scale of this risk. Barclays landed a then-record-breaking fine in 2015 for failing to screen ultra-high-net-worth customers appropriately. These customers later became suspects in a money laundering case, hence the fine.3
Why OSINT for background checks?
Integrating effective background checks into employee and customer screening is the first line of defence against fraud and financial crime. As such, background checks have evolved to encompass more data, providing organisations with the detail they need to avoid and mitigate risks.
In this article, we’re going to explore the increasingly important role of open source intelligence (OSINT) in background checks.
Suggested reading: You can learn more about the value of OSINT in a range of investigations in our free eBook — The OSINT Handbook
Traditional background checks
Around 93% of businesses worldwide conduct pre-employment screening (PES) as part of their hiring process. PES typically includes criminal record checks, employment status and credit, education and licence verification.4
Not only do background checks help employers verify applications — as some 36% to 95% of people admit to lying on their CV — but they also help protect the security and integrity of an organisation.5
Background screening also applies to prospective clients, customers and B2B partners. Organisations screen these new partners to mitigate risk, meet their regulatory responsibilities for AML, AFC and EDD, and ensure they meet business criteria, goals and objectives.
There are three broad types of background checks:
- Standard background checks for most employees: These are typically the most basic form of background check, and might include disclosure and barring service (DBS) and credit checks.
- In-depth background checks for senior hires: Checks of this nature extend into potentially reputationally damaging content. Social media screening is an increasingly important component of high-level background checks. Crucially, the complexity and detail required should scale to the level and seniority of the hire.
- Screening for customers, clients, suppliers and partners: Companies need assurance that suppliers and partners aren’t involved in financial crime, modern slavery, environmental crime or human rights issues that could affect their reputation. They also need to know that the companies they are doing business with are financially stable.
As business becomes more complex and risks more numerous, applying these traditional approaches to background checks has become increasingly untenable.
The deficiencies of a traditional approach
Traditional background screening is littered with practical, regulatory and legal issues that can make it difficult for organisations to get the results they need consistently:
- Regulation and compliance: There are multiple background check standards ranging from basic, standard and enhanced DBS checks to BS7858 for the security sector, BPSS checks (Baseline Personnel Security Standard) for the public sector, and governmental positions and FCA Screening for financial institutions. Meeting standards is the minimum expected to maintain legal responsibility. However, the screening processes stipulated by regulations are often insufficient to truly mitigate risk — businesses often build bespoke screening processes tailored to their unique needs.
- Reducing onboarding friction: Checks need to be detailed without infringing on data privacy. This exposes organisations to the seemingly paradoxical task of collecting detailed screening data while navigating data privacy. Moreover, intrusive background checks can dissuade prospective employees who don’t want to feel interrogated when entering into a new job role.
- Complex screening processes: The process of screening customers and clients is subject to AML, AFC and EDD regulations that often change, as indicated by the European Due Diligence Act in March 2021 and recent EU laws introducing criminal liability for AML and AFC failings. To meet regulations in high-risk situations, organisations must extend background searches into as many sources as possible.
Introducing open source intelligence
Open source intelligence, or OSINT, is the collection, processing and analysis of open source data (OSD) to provide insights for investigators. OSINT makes use of publicly available and publicly licensable data, helping investigators glean insights from the whole of the surface web, deep web and dark web.
The internet is a constantly evolving source of information that covers everything from individuals, organisations and their networks to cyber criminals and underground terrorist groups. As a result, OSINT is being deployed in a wide variety of investigations, including background checks.
There are a variety of OSINT sources that can be utilised for the purposes of investigations, including but not limited to:
- News and media from multi-lingual sources
- Grey literature, including non-media private and public sector reports, filing and leaked data from organisations like the Organized Crime and Corruption Reporting Project (OCCRP) or the International Consortium of Investigative Journalists (ICIJ)
- Publicly available social media, including individual profiles, networks, and some image, location and file metadata
- Dark web data, such as information hosted on .onion domains
- Corporate data sources in countries where this data is publicly available, such as the UK’s Companies House
OSINT background checks
OSINT enriches background checks with more of the information organisations need to make effective, compliant, and risk-adjusted decisions. While regular screening processes are usually sufficient to meet regulatory requirements at the lower end of the risk spectrum, organisations are responsible for assessing risk in each individual case.
If the stakes are high — for example, where an organisation is hiring a high-level employee or striking a new high-value relationship — then superficial searches are insufficient. This is also the belief of regulators and influential industry voices. For example, the Financial Action Task Force stated that organisations need to “stop just ticking boxes” regarding their EDD responsibilities.6
Fortunately, OSINT can provide a solution, offering an effective means to enhance background screening processes across both the recruitment of new staff and the forming of new business relationships.
Suggested reading: For a thorough explanation of OSINT and it’s practical uses, check out our article What is OSINT?
The benefits of undertaking background checks with OSINT
Additional layers of information are always advisable when screening high-risk employees and prospective partners.
That’s exactly what OSINT provides, as well as a number of other benefits within the context of background checks. These include:
- Uncovering information not available in curated databases
- Accessing a wide range of multilingual, international news and media sources
- Discovering and inspecting an individual’s or organisation’s links and networks
- Gauging a customer’s or client’s human rights and environmental risks and impacts to address the EU Due Diligence Act
- Cost-effectiveness, as OSD is free and publicly available
In simple terms, intelligence extracted from OSD enables organisations to make better hiring and partnership decisions. This amounts to more than satisfying regulations — it also helps businesses strike mutually beneficial and trustworthy partnerships.
- OSINT helps businesses avoid wasting time and money by hiring the wrong person. In addition, conducting OSINT checks on high-profile hires helps businesses align employment practices to their culture and ethics.
- Employees with high-level control are responsible for a significant proportion of internal fraud — OSINT acts as another line of defence against insider threats and collusion.
- Background checks can be intrusive, and businesses must be careful not to violate data privacy and processing laws. OSINT targets open source data by design and enables smooth, frictionless and unobtrusive background screening and onboarding.
- Organisations should employ greater subjective judgement when striking partnerships with high-risk partners to gauge and mitigate risk. OSINT provides another layer of information that enhances and enriches onboarding workflows, enabling organisations to make effective and compliant risk-adjusted decisions.
- Current regulation obligates businesses to check and audit their supply chains. OSINT provides visibility into supply chain networks and high-risk activity in certain jurisdictions.
Modern, cutting-edge OSINT platforms are equipping businesses with the tools they need to conduct effective, efficient and detailed background reports into prospective partners and employees.
Conduct efficient background checks using Videris
OSINT background checks are providing organisations with the data and intelligence they need to make well-informed, risk-adjusted decisions. By using OSINT, organisations can extend background searches into all available sources of data and ensure optimised outcomes for their investigations.
At Blackdot, we built our Videris platform to give investigators the tools they need to conduct comprehensive investigations, including background checks. Videris’ secure ecosystem is built for cutting-edge OSINT investigations, and provides a number of features that assist and augment investigations, including:
- Videris Search: Videris Search is where investigations begin. Search all relevant data sources at once and pull information into a single structured workflow for analysis. Videris enables access to deep and dark web sources otherwise inaccessible using surface web browsers.
- Risk analysis: Risk analysis is particularly useful for background screening. Videris performs intelligent risk analysis on search results and highlights relevant risk terms.
- Cross-matching and entity extraction: Videris pulls named entities from sources and cross-matches them to accelerate the background screening process. This helps researchers work with large volumes of data.
- Intuitive visualisation: Videris Charts makes it easy to understand a subject’s connections and online footprint by mapping information on an interactive chart and highlighting potential hidden links.
- Secure and compliant browsing: Videris provides a secure, compliant ecosystem that ensures researchers remain untraceable.
- Flexible deployment: Videris can be hosted in the cloud or on a corporate or standalone network, and our team can help organisations integrate their own internal data.
Book a demo of Videris today to see for yourself how our cutting-edge platform can help you undertake efficient and effective background checks.
1 Guardian – Swedbank ex-chief charged over money laundering scandal
2 PwC – Global Economic Crime Survey
4 Tech Target – Employment Screening Trends
6 FATF executive secretary calls for end to AML ‘box-ticking’ culture