WorkAnswers is dedicated to providing clients of Scherzer International with excellent guidance to understand the complexities and intricacies related to pre and post-employment screening. With content designed and delivered exclusively by industry practitioners, WorkAnswers offers the most up-to-date guidance across various topics, from understanding new legal requirements to processing required documents, including I-9 verifications and adverse action letters.

We distinguish all of our instructional materials and articles by emphasizing case law and our articles provide a wealth of knowledge and expertise to skillfully illuminate even the most complex concepts. The content for our materials is constantly updated to reflect ongoing changes in the regulatory environment, industry practices, and technical innovations.

Our compliance team provides industry-leading materials to help for delivering the most relevant and practical HR solutions across a wide range of needs.

Consent for International Searches

,

A basic principle of conducting international searches on an individual is that you need a lawful basis for processing personal data. This principle applies to both employment-purpose and commercial background checks.

Although the number and type of lawful bases vary from one country to another (especially with the enactment of new data protection and privacy laws in many countries over the last several years), a lawful basis for processing personal data common to all international searches is the consent of the individual search subject. From a compliance perspective, obtaining an individual’s consent for the searches is the best practice.

Other than the requirements that the subject’s express consent be unambiguous and freely given, there is no universally prescribed format or wording for an international consent form.

If the subject’s consent cannot be obtained, you can look to a country’s data protection and privacy laws to determine if a different legal basis may be applicable for processing personal data that does not require the subject’s consent. It is always up to the controller of the data to determine the appropriate legal basis for processing personal data.

For individuals located in the EU or UK, there are several legal bases that will satisfy the compliance requirements under the EU GDPR, the UK GDPR and the Data Protection Act of 2018 (UK) if consent cannot be obtained. The controller can still request these searches if it has a legitimate interest in obtaining the individual’s personal data or needs the data to perform a contract.

If the request for the searches is based on a legitimate interest or performance of a contract, the individual must receive a notice of the controller’s intention to process the data. Notice can be given in several different ways, including directly to the individual, in an engagement letter or similar document, or by publication on the client’s website. The way the controller gives notice is their decision. 

OFAC: Know it and love it

With businesses increasingly including sanctions compliance language based on regulations from the U.S. Department of Treasury’s Office of Foreign Assets Control (OFAC) in contracts and agreements, employers should take a minute to familiarize themselves with the issue and the potential for costly liability.

OFAC administers and enforces sanctions against countries or individuals (like terrorists or narcotics traffickers) with actions ranging from trade restrictions to the blocking of assets. For U.S. companies, the agency’s enforcement applies to banks, insurers, and others in the financial industry that may be engaged in covered dealings. OFAC takes action against U.S. entities that engage in transactions prohibited by Congress such as trade with an embargoed country or a transaction with a specially designated national (SDN).

Violation of the regulations, which apply to all U.S. citizens, can result in substantial fines and penalties. Criminal penalties can reach up to $20 million and imprisonment up to 30 years; civil fees can range from up to $65,000 to $1,075,000 per violation, depending on the activity at issue.

In an effort to avoid running afoul of such terrifying numbers, companies will include OFAC sanctions compliance language within corporate acquisition agreements, insurance policies, and credit agreements. Businesses are increasingly adding such language in light of stepped up enforcement efforts by OFAC that have resulted in sizable settlement agreements with U.S. entities.

For example, some contracts may include language requiring a party to state that it is not the target of any OFAC sanctions status, that no OFAC investigations are in process, or that it does not engage in transactions with countries like Iran or North Korea. Other deals may feature a provision affirming that a company is not owned by an individual on the list of SDNs, that the company is not based or located in an embargoed country, or assuring that the monies used to make an investment or purchase were not provided by a sanctioned country or individual.

However, it is important to note that the use of compliance language does not insulate a company from OFAC liability. While such a provision may create a contract-based remedy to recover monetary damages based on a fine or settlement with the agency, the clause cannot eliminate liability. Like any other governmental regulator, OFAC is not bound by private contract and can take action even with such terms in place.

To learn more about OFAC, click here. Link: http://www.treasury.gov/resource-center/faqs/Sanctions/Pages/answer.aspx