When it comes to background checks, this mantra can save your organization from severe legal consequences: Know the rules, then choose the right tool. The Fair Credit Reporting Act (FCRA) imposes strict requirements on certain types of background screening, but not every situation falls under its umbrella.
As litigation is on the rise and regulators are paying closer attention to employer screening practices, understanding your legal obligations under the Fair Credit Reporting Act (FCRA) has never mattered more.
With an understanding of the distinctions between FCRA and non-FCRA background checks, compliance teams and risk officers get the information they need without unnecessary exposure, and that’s what we’re going to cover today.
FCRA vs. Non-FCRA Background Checks
Below, we break down when FCRA compliance is mandatory, when a non-FCRA approach makes sense, and why the right choice is such an important decision.
What the FCRA Covers (and Why It Matters)
The Fair Credit Reporting Act (FCRA) is a U.S. federal law passed in 1970 to promote the accuracy, fairness, and privacy of consumer information in the files of consumer reporting agencies.
In simple terms, the FCRA protects consumers from having their personal “consumer reports” (e.g., credit reports or background reports) used against them without their knowledge.
To achieve this, the law regulates three key groups:
- Consumer Reporting Agencies (CRAs): Businesses that compile and provide consumer information (from credit bureaus to tenant screening services).
- Users of consumer reports: Companies that request and use these reports for decisions.
- Furnishers of information: Entities (like lenders or courts) that supply data to CRAs.
Under the FCRA, a “consumer report” includes any communication of information by a CRA bearing on a person’s credit, character, reputation, personal characteristics, etc., used to determine eligibility for purposes like credit, insurance, employment, or housing.
In fact, the law spells out specific “permissible purposes” for which a CRA may furnish a report, and we’ll discuss some of those in a moment.
Why does this matter? FCRA compliance carries significant responsibilities and potential liabilities. Users of FCRA-regulated reports must provide pre-adverse action notices and adverse action notices if they decide not to hire or approve someone based on a report, giving the individual a chance to review and dispute the findings.
They must also ensure they only access reports for a permissible purpose and follow data retention and privacy rules. Failure to comply can lead to lawsuits, regulatory penalties, and even class action exposure.
When FCRA Compliance Is Mandatory
Next, let’s clarify some of the use cases that unequivocally require an FCRA-compliant background check (and thus trigger all of the law’s requirements):
- Employment background checks
- Tenant screening
- Consumer lending and credit checks
- Insurance for personal use
- Certain license or personal eligibility checks
In all of these cases, you must use an FCRA-compliant process and provider. That means using a reputable consumer reporting agency that follows FCRA procedures (e.g., verifying data accuracy and providing mandated notices) and ensuring your own internal processes meet the law’s requirements.
What Is a Non-FCRA Background Check?
Not all background checks fall under the same legal umbrella, and choosing the wrong one can be a costly mistake.
A non-FCRA background check refers to any background screening or investigation that is not being conducted for the FCRA-defined purposes of employment, consumer credit, insurance, or tenancy, and thus is not subject to the FCRA’s procedures.
Crucially, a non-FCRA check is not meant to determine an individual’s eligibility for a job, personal loan, or housing; instead, it’s often used for risk management, fraud prevention, or commercial due diligence.
Many of the same types of records used in an FCRA report (court records, criminal history, liens, etc.) can also be used in a non-FCRA context. The difference lies in how the information is used and who the end user is.
Any check that is solely on a business is a non-FCRA background check. Here are a handful of common scenarios where non-FCRA background checks are preferred or legally appropriate:
- Due diligence in business transactions
- Fraud investigations and regulatory compliance
- Business-to-business lending and credit extensions
- Third-party/vendor screening and monitoring
Non-FCRA checks offer clear advantages when used appropriately. Without FCRA’s procedural steps, they provide broader insight, pulling from sources like international records and media.
Since these checks aren’t used for employment or personal credit decisions, they typically don’t require consent or notices, so the process can be faster and more discreet.
Importantly, using a non-FCRA service does not mean anything goes. Reputable non-FCRA providers still adhere to privacy and permissible use laws to prevent misuse of data.
Using “Instant” Online Checks for Hiring
A manager might try to save money using a cheap people-search site or app to vet a job candidate instead of ordering a proper FCRA-compliant background check.
But what if that service provides information used in an employment decision? Then it qualifies as a consumer reporting agency. If it isn’t following FCRA, both the service and the employer can be liable.
The FTC has taken action against companies like Filiquarian and Instant Checkmate for marketing these kinds of reports to employers without meeting FCRA requirements. The takeaway: the fines for using non-compliant services for employment decisions can far exceed any savings.
FCRA Compliance Gaps in Hiring
Another common mistake is assuming you’re fully compliant with FCRA, but overlooking a fundamental step.
FCRA claims against employers have surged in recent years, often tied to missed notices or flawed disclosure forms. If your team handles hiring, routinely review your process.
For example, 7-Eleven and Delta Airlines have faced class action lawsuits costing them over $2 million each, not for running background checks improperly, but for missing key FCRA steps.
The above examples underscore that using consumer data carries responsibility. Whether under FCRA or not, ethics and accuracy matter.
Given the legal and operational consequences of misclassifying background checks, choosing a screening provider who understands the differences between FCRA and non-FCRA background checks isn’t a decision to make lightly.
Understanding the nuances of these background checks is not easy, and that’s where choosing the right partner becomes paramount. AIS is your experienced partner for FCRA compliant background screening.
Our reports are compiled by licensed investigators and include human-vetted insights, not just raw data. That means you get actionable information (not mountains of search results) to make informed decisions with confidence.
Always consult with your legal/compliance team before proceeding with any background check program – this cannot be overstated. We work hand-in-hand with our clients’ compliance officers to ensure each screening program is designed correctly.