2015 May

EEOC loses – again – in challenge to background checks

In the latest blow to the Equal Employment Opportunity Commission’s (the “EEOC”) attempts to regulate employers’ use of background checks, the Fourth U.S. Circuit Court of Appeals threw out a case in a scathing opinion that expressed disappointment in the agency’s litigation conduct.

The controversy began in April 2012, when the EEOC released guidance on the issue of criminal background checks for employers. The “Consideration of Arrest and Conviction Records in Employment Decisions Under Title VII of the Civil Rights Act of 1964” emphasized that while the use of criminal history does not violate the statute per se, an employer may run afoul of the law if the checks result in systemic discrimination based on a protected category like race, color, national origin, religion, or sex.

As an alternative, the agency suggested employers strive to perform individualized assessments of prospective employees, and consider factors such as the nature of the crime and its relation to the potential job, as well as the individual’s rehabilitation efforts and the length of time that has passed since the conviction.

The EEOC then followed up with multiple lawsuits alleging that certain employers engaged in the discriminatory use of background checks, disproportionately screening out African-American workers in cases filed against BMW Manufacturing in South Carolina, Dollar General in Illinois, Kaplan Higher Education Company in Ohio, and Freeman Company in Maryland.

To date, all of the lawsuits have been dismissed and the agency has faced criticism about its efforts to pursue such cases from both industry and lawmakers. The most recent critic: the Fourth Circuit.

In the agency’s case against Freeman Company, the EEOC alleged the company’s use of criminal background checks for all applicants and credit checks for “credit sensitive” positions had an unlawful disparate impact on black and male job applicants. To support its case, the agency produced expert reports by an industrial/organizational psychologist. But the federal district court granted summary judgment for Freeman, finding the psychologist’s reports “rife with analytical errors” and “completely unreliable.”

The Fourth Circuit affirmed the ruling, identifying “an alarming number of errors and analytical fallacies” in the reports, “making it impossible to rely on any of his conclusions.” Freeman provided complete background screening logs for thousands of applicants to the EEOC but the psychologist “cherry-picked” data, the court said, omitting information from half of the company’s branch offices while purporting to analyze all the background checks, and further failed to utilize an appropriate sample size, selecting the vast majority of data to focus on before October 14, 2008.

Although the relevant time period extended to August 31, 2011 and Freeman conducted over 1,500 criminal checks and more than 300 credit reviews between October 14, 2008 and August 31, 2011, the psychologist used data from only 19 applicants during that time, just one of whom passed the check.

A “mind-boggling number of errors and unexplained discrepancies” existed in the psychologist’s database, the panel added, rejecting the EEOC’s argument that the mistakes originated in Freeman’s data. The psychologist introduced the errors, the court said, and further managed to introduce fresh errors when he tried to supplement his original reports with corrections.

“The sheer number of mistakes and omissions in the analysis renders it “outside the range where experts might reasonably differ,” the three-judge panel wrote. One of the panelists added a concurring opinion expressing concern with the “EEOC’s disappointing litigation conduct” and continued efforts to defend the psychologist’s work despite other courts reaching similar conclusions about his reports.

“The Commission’s conduct in this case suggets that its exercise of vigilance has been lacking,” according to the concurring opinion. “It would serve the agency well in the future to reconsider how it might better discharge the responsibilities delegated to it or face consquences for failing to do so.”

With public criticism, zero litigation victories, and a counterargument from one defendant that its background check procedures are the same as those conducted by the agency itself, the Fourth Circuit’s decision does not bode well for the future of EEOC challenges to background checks. That said, employers should still be cautious and utilize background reports in a non-discriminatory manner.

Read the EEOC guidance.

Read the opinion in EEOC v. Freeman.

May 8th, 2015|Employment Decisions|

No number, no lawsuit

Tossing a lawsuit alleging religious discrimination, the Sixth U.S. Circuit Court of Appeals found that an applicant could not sue after refusing to provide his Social Security number to a prospective employer. The plaintiff, an applicant for a position with an energy company, claimed that he had no number because he “disclaimed and disavowed it” on account of his sincerely held religious beliefs.

The company’s refusal to hire the plaintiff violated Title VII and Ohio state law, the complaint charged, requesting both injunctive relief in the form of a job and monetary damages. A federal district court judge dismissed the lawsuit, and the federal appellate panel affirmed.

Courts considering the issue apply a two-step analysis, the Sixth Circuit explained. First, the court determines whether the plaintiff established a “prima facie case of religious discrimination,” which requires proof that the plaintiff “(1) holds a sincere religious belief that conflicts with an employment requirement; (2) has informed the employer about the conflicts; and (3) was discharged or disciplined for failing to comply with the conflicting employment requirement.” If the plaintiff manages to establish a prima facie case, the burden shifts to the employer to show it could not “reasonably accommodate” the religious beliefs without “undue hardship.”

This suit failed under the first step, the panel said, because the Internal Revenue Code mandates that employers collect and provide the Social Security numbers of their employees. Because the company’s collection of the plaintiff’s number was a “requirement imposed by law” and not an “employment requirement,” the court had no need to consider the sincerity of the plaintiff’s beliefs.

The panel also noted that every other federal appellate court to consider the issue has concluded “that Title VII does not require an employer to reasonably accommodate an employee’s religious beliefs if such accommodation would violate a federal statute,” citing decisions from the Fourth, Eighth, Ninth, and Tenth Circuits, as well as federal district courts in Michigan and Virginia.

All of the courts have arrived “at the same, sensible conclusion: ‘

[A]n employer is not liable under Title VII when accommodating an employee’s religious beliefs would require the employer to violate federal … law,” the Sixth Circuit wrote. “This conclusion is consistent with Title VII’s text, which says nothing that might license an employer to disregard other federal statutes in the name of reasonably accommodating an employee’s religious practices.”

For employers, the decision provides even greater peace of mind. With five federal appellate courts in agreement that a religious discrimination claim will not stand against an employer that complies with federal requirements to collect an applicant’s Social Security number, companies do not have to worry about the merits of a Title VII lawsuit under such circumstances.

Read the opinion.

May 8th, 2015|Employment Decisions, Judgment, Legislation|

Do you know about specialty consumer reports?

Credit reports are a part of life, whether applying for a credit card or purchasing a home. But what about specialty consumer reports?

Many people are unaware that dozens of other types of consumer reports exist, filled with information about medical and prescription history, for example, or insurance claims. Specialty consumer reports gather data from a wide variety of sources including information provided by consumers on applications (such as an apartment lease or a wireless phone contract) as well as public documents like criminal records and marriage licenses.

The reports provide information geared for a specific industry. A truck driving company might purchase reports that detail a job applicant’s driving record and motor vehicle insurance claims while an insurer will review a report with claims filed by a homeowner to check an individual’s historic use of insurance policies. Other niche reports provide data on loan balances, information about any bounced checks, and bank account history for lenders; another company tracks consumers’ product returns and will alert large retailers for fraud prevention purposes.

The Fair Credit Reporting Act (the “FCRA”) entitles consumers to one free report per year from any nationwide credit or specialty reporting agency (plus another free report if an adverse action has been taken, or the consumer disputes an item in the report that was corrected).

Recently, consumer rights group Consumer Action focused on the issue of specialty consumer reports in an “Insider’s Guide to Specialty Consumer Reports: A Guide to Obtaining, Understanding and Managing Your Information,” complete with a directory of furnishers. Staffers went through the process of requesting their own reports to help provide information for consumers about the types of reports available and their rights to request reports or correct errors.

Access the Consumer Action guide.

Read the directory of specialty consumer report furnishers.

May 8th, 2015|FCRA, Fraud|

Financial regulators focus on vendor due diligence

In the wake of the economic crisis, financial institutions have faced a wave of new rules and regulations. From the Dodd-Frank Wall Street Reform and Consumer Protection Act to regulators stepping up their enforcement efforts, regulated entities must ensure compliance with a host of new requirements.

The rules and heightened oversight go beyond banks themselves, and are increasingly focused on their third-party vendors. In many cases, vendors are not allowed to work with regulated entities unless they can demonstrate their compliance with various data security and privacy requirements.

Last year, New York’s Department of Financial Services (the “DFS”) sent letters to banks nationwide expressing concern about the state of their cybersecurity practices with regard to third-parties. DFS Superintendent Benjamin Lawsky requested that recipients disclose “any policies and procedures governing relationships with third-party service providers” as well as “any due diligence processes used to evaluate” all types of providers, including accountants and law firms. “It is abundantly clear that, in many respects, a firm’s level of cybersecurity is only as good as the cybersecurity of its vendors,” Lawsky wrote.

In “A Resource Guide to the U.S. Foreign Corrupt Practices Act,” the Securities and Exchange Commission (the “SEC”) and the Department of Justice (the “DOJ”) state that the agencies “assess whether the company has informed third-parties of its compliance program and commitment to ethical and lawful business practices, and where appropriate, whether it has sought assurance from third-parties, through certifications and otherwise, of reciprocal commitments.” To avoid regulatory action, the SEC and DOJ also suggest that regulated banks and financial institutions consider providing training to vendors.

The Office of the Comptroller of the Currency (the “OCC”) released new guidance in October 2013, advising banks to take a “life cycle” approach to managing third-party relationships (such as security providers, affiliates, consultants, joint ventures, and payment processors) from planning and due diligence to ongoing monitoring and termination.

When conducting due diligence – commensurate with the level of risk and complexity presented by the relationship – financial institutions should not rely on prior knowledge or experience of the third-party, the OCC said. Instead, they must conduct an “objective, in-depth assessment of the third-party’s ability to perform the activity in compliance with applicable laws and regulations and in a safe and sound manner” including a review of the third-party’s financial conditions (like any pending litigation or audited financial statements), reference checks, and evaluation of the entity’s legal and regulatory compliance.

Contracts should specify compliance with the regulations of relevant law, such as the Gramm-Leach-Bliley Act, the OCC added, and provide the financial institution with the power to conduct compliance reviews of the third-party.

Not to be outdone, the Consumer Financial Protection Bureau (the “CFPB”) followed up in January 2015 with the latest addition to its loosely-sewn patchwork of vendor management best practices and requirements. Compliance Bulletin 2015-01 which, among other directives, puts CFPB-supervised entities on notice that they may not invoke non-disclosure agreements to avoid complying with requests from the CFPB to produce a third-party’s confidential information.

For nonbanks and service providers still coming up-to-speed on the CFPB’s supervision and enforcement, confidentiality obligations, audit rights, vendor training responsibilities, and remedies for vendor breaches are among the more thorny agreement provisions that may need to be enhanced in light of developing trends.

Read OCC Bulletin 2013-29.

Read the SEC’s and DOJ’s “A Resource Guide to the U.S. Foreign Corrupt Practices Act“.

Read CFPB Compliance Bulletin 2015-01

May 8th, 2015|Legislation|