Free Word download β’ Edit online β’ Save & share with Drive β’ Export to PDF
A Background Check Policy is an internal HR governance document that defines the conditions under which an employer screens job candidates and employees, which check types apply to which roles, how consent is collected, and how results inform hiring decisions. It translates federal requirements under the Fair Credit Reporting Act (FCRA) and EEOC guidance β as well as applicable state and local ban-the-box laws β into a consistent, repeatable procedure that every hiring manager can follow. Rather than leaving individual managers to improvise consent steps or evaluate criminal findings case-by-case, a written policy creates a documented standard that applies uniformly across every hire.
Operating without a written background check policy exposes your organization to enforcement risk on multiple fronts simultaneously. The FCRA imposes specific disclosure, consent, and adverse action procedures β each step with its own timing requirements β and missing any one of them opens the door to statutory damages of $100β$1,000 per applicant in a class action. Beyond federal law, over 35 states and 150 cities have enacted ban-the-box or criminal history restrictions that require knowing exactly when in your hiring process you can ask screening questions. Without a written policy, hiring managers apply different standards across departments, creating the inconsistency that triggers discrimination claims. A documented background check policy closes these gaps, gives HR staff a clear procedural guide, and demonstrates to auditors, regulators, and candidates alike that your screening program is deliberate and fair. This template gives you a compliance-ready structure you can customize to your organization in under two hours.
| If your situation is⦠| Use this template |
|---|---|
| Screening candidates for roles involving financial responsibility or cash handling | Background Check Policy (Financial Roles) |
| Screening candidates for roles involving children, vulnerable adults, or healthcare | Background Check Policy (Sensitive Roles) |
| Conducting ongoing or periodic re-screening of existing employees | Employee Re-Screening Policy |
| Screening contractors and vendors who access company facilities or data | Vendor Background Check Policy |
| Documenting the individual consent form given to each candidate | Background Check Consent Form |
| Formalizing the full hiring process from job posting through offer | Recruitment Policy |
| Notifying a candidate of an adverse action based on screening results | Adverse Action Notice |
Why it matters: The FCRA requires a standalone disclosure document. Embedding it in the application form is a technical violation that has resulted in class-action settlements exceeding $1M for large employers.
Fix: Use a separate, single-purpose disclosure and authorization form for every candidate β ideally the form provided by your CRA vendor.
Why it matters: Automatic disqualification based on any criminal record creates disparate impact exposure under Title VII and the EEOC's 2012 enforcement guidance, particularly for African-American and Hispanic applicants.
Fix: Replace automatic disqualification language with a documented individualized assessment process that evaluates offense type, recency, and job relevance before any adverse decision.
Why it matters: Sending only a final adverse action notice β without first giving the candidate the report and a waiting period to dispute inaccuracies β is one of the most frequently cited FCRA violations and can result in statutory damages per applicant.
Fix: Build the two-step process into your ATS workflow: pre-adverse notice plus a minimum 5-business-day waiting period before any final decision communication is sent.
Why it matters: Background check reports contain sensitive consumer data that should be accessible only to HR leadership and legal. Commingling them with general HR files exposes the data to broader internal access and complicates FCRA compliance records.
Fix: Create a separate, restricted-access file β physical or digital β for background check reports, distinct from the general employment record.
Enter your company name and list every worker category subject to screening β full-time, part-time, temporary, contract, and volunteer. If certain categories are excluded, state that explicitly.
π‘ Err on the side of broader scope. It is easier to document an exemption than to explain why a contractor with system access wasn't screened.
List every check type you use (criminal, credit, employment verification, education, MVR, professional license) and assign them to role tiers. Keep the tier definitions simple β three tiers cover most organizations.
π‘ Credit checks require a specific business necessity justification in several states β document the reason for each role category where you apply them.
Name the standalone disclosure form and authorization document candidates must sign before any check is initiated. Reference whether you use a CRA-provided form or a company-drafted form.
π‘ Your CRA vendor typically provides a compliant consent form β use theirs rather than drafting your own to reduce FCRA technical violation risk.
Define which findings trigger automatic review versus individualized assessment. Document the three EEOC factors β nature of offense, time elapsed, and job relatedness β as the required evaluation framework.
π‘ Avoid the phrase 'no felony convictions' as a blanket bar β it is the most litigated language in background check policies and has the highest disparate impact exposure.
Enter the waiting period (minimum 5 business days is the industry standard) between the pre-adverse action notice and the final notice, and name the HR role responsible for sending each communication.
π‘ Calendar the waiting period in your ATS or HR system the moment a pre-adverse action notice is sent β missing the window is the most common procedural failure.
Name the roles permitted to access reports, specify the storage location (separate from the general personnel file), and enter retention periods for hired versus not-hired candidates.
π‘ Most employment attorneys recommend a 5-year retention period to cover the full FCRA statute of limitations for civil suits.
Enter the annual review date, name the owner (typically HR Director or Chief People Officer), and add a version number and last-reviewed date to the footer of the document.
π‘ Subscribe to your state labor department's update mailing list β ban-the-box and credit check laws pass at the city level with little national publicity.
Share the finalized policy with every manager involved in hiring and collect written acknowledgment. Add the policy to your employee handbook and new-manager onboarding materials.
π‘ A brief 30-minute training session at policy launch prevents the most common mistakes β managers skipping consent steps or making informal hiring decisions before results are reviewed.
A background check policy is a written internal document that defines when and how a company screens job candidates and employees, which types of checks are conducted for which roles, how consent is obtained, and how results are evaluated and acted upon. It creates a consistent, documented process that reduces legal exposure and ensures hiring managers follow the same procedures across every hire.
No federal law mandates a standalone written background check policy, but operating without one creates significant compliance risk. The FCRA requires specific disclosure, consent, and adverse action procedures that are difficult to apply consistently without a documented policy. Many state and local ban-the-box laws impose procedural requirements that also benefit from a written policy. Employment attorneys universally recommend having one in place before conducting any screening.
At minimum, apply background checks to all candidates who receive a conditional offer of employment. Extend screening to contractors, volunteers, and vendors who access company facilities, sensitive data, or vulnerable populations. Role-specific checks β such as credit history for financial roles or motor vehicle records for driving roles β should be tied to documented business necessity and applied consistently to every person in that role category.
Common check types include criminal history (county, state, and federal), employment verification, education verification, professional license verification, credit history, motor vehicle records, sex offender registry, and reference checks. Employers typically use a combination based on role risk level. Credit and criminal checks carry the most legal restrictions and require the closest policy attention.
The adverse action process is the two-step procedure required under the FCRA before making a negative employment decision based on a background check report. Step one is a pre-adverse action notice β sent with a copy of the report and summary of FCRA rights β followed by a waiting period of at least 5 business days. Step two is the final adverse action notice if the candidate has not successfully disputed the findings. Skipping step one is the most commonly cited FCRA violation in employment class actions.
Ban-the-box laws prohibit employers from asking about criminal history on job applications, requiring the inquiry to be delayed until later in the hiring process β typically after a conditional offer is made. Over 35 US states and 150 cities and counties have enacted some form of ban-the-box restriction as of 2025. Your background check policy must reflect the rules in every jurisdiction where you hire, which is why an annual policy review is essential.
Generally no β not without significant legal risk. The EEOC's 2012 enforcement guidance states that blanket criminal history exclusions create disparate impact liability under Title VII. Employers are expected to conduct an individualized assessment weighing the nature of the offense, how much time has passed, and how directly the offense relates to the job duties. Automatic disqualification language in a policy is one of the most frequently scrutinized elements in EEOC investigations.
The FCRA statute of limitations for civil claims is generally 2 years from the date of violation, or 5 years from the date of the violation if the plaintiff was not aware of it β making a 5-year retention period the widely recommended standard. Most employment attorneys suggest retaining records for hired candidates for the duration of employment plus 5 years, and records for candidates not hired for a minimum of 2β5 years depending on the applicable state law.
This template is structured around US federal law β primarily the FCRA and EEOC guidance β and is the appropriate starting point for domestic US hiring. International background checks are governed by local data protection and employment laws, including GDPR in the EU and the UK, which restrict the categories of information that can be collected and how consent must be obtained. Organizations hiring internationally should adapt the policy with jurisdiction-specific legal guidance for each country.
A background check consent form is the standalone document given to an individual candidate to obtain their signed authorization before a check is run. A background check policy is the internal governance document that tells HR and hiring managers when, how, and why to use those forms. Both are needed β the policy without the form cannot be executed; the form without the policy creates inconsistent application.
A recruitment policy covers the full hiring lifecycle β job posting, interviewing, offer approval, and onboarding. A background check policy focuses specifically on the screening step that follows a conditional offer. In most organizations, the background check policy is a standalone document referenced by the broader recruitment policy rather than embedded within it.
An employee handbook communicates policies to employees at a high level, often including a summary of the background check policy. The standalone background check policy is the operational document with procedural detail β consent steps, evaluation criteria, adverse action timelines β that HR staff actually follow. The handbook references it; the policy governs it.
A drug testing policy governs pre-employment and ongoing substance screening β a distinct process from background checks with its own consent, lab, and result-handling procedures. Many employers conduct both as part of a conditional offer package, but they require separate policies because they are governed by different legal frameworks and administered by different vendors.
Credit history and financial crime checks are standard for most roles; FINRA licensing verification applies to registered representatives; fidelity bond requirements may dictate minimum screening levels.
OIG exclusion list checks are mandatory for any role billing federal healthcare programs; state nursing and medical board verification applies to licensed clinicians; patient-facing roles require enhanced criminal screening.
DOT-regulated positions require motor vehicle record checks and drug screening as a federal compliance matter; commercial driver's license verification must be documented in the policy.
High turnover means streamlined consent and quick-turnaround CRA relationships are operationally critical; cash-handling roles typically warrant criminal screening even in jurisdictions with broad ban-the-box laws.
| Path | Best for | Cost | Time |
|---|---|---|---|
| Use the template | Small to mid-size businesses hiring domestically in a single state using a standard CRA vendor | Free | 1β2 hours to customize and finalize |
| Template + professional review | Employers hiring across multiple states with ban-the-box laws, or those screening for regulated industries like healthcare or finance | $300β$800 for an employment attorney review | 3β5 business days |
| Custom drafted | Multi-state or international employers, companies subject to federal contractor requirements, or organizations recovering from an FCRA enforcement action | $1,500β$4,000+ | 1β3 weeks |
This document is one of 3,000+ business & legal templates included in Business in a Box.
Access over 3,000+ business and legal templates for any business task, project or initiative.
Customize your ready-made business document template and save it in the cloud.
Share your files and folders with your team. Create a space of seamless collaboration.
"Fantastic value! I'm not sure how I'd do without it. It's worth its weight in gold and paid back for itself many times."
"I have been using Business in a Box for years. It has been the most useful source of templates I have encountered. I recommend it to anyone."
"It has been a life saver so many times I have lost count. Business in a Box has saved me so much time and as you know, time is money."
Stop downloading documents. Start operating with clarity. Business in a Box gives you the Business Operating System used by over 250,000 companies worldwide to structure, run, and grow their business.
Free Forever PlanΒ Β·Β No credit card required
