Know Your Employee

By Henry Bagdasarian

Companies should adopt a "Know Your Employee" process before it becomes the law. You may have heard of the PATRIOT Act which requires companies to have a Customer Identification Program (CID) to validate the identity of their customers and monitor their activities as part of their Know Your Customer (KYC) processes.

But what about the identity and background of employees that companies hire? It’s not uncommon to hear about stories of criminals who are accidently hired by banks and government agencies who failed to validate their identities or perform a background investigation. Sure, some employees who lie about their identities are not criminals but may just be illegal immigrants who need a job. But, the lack of a validation and investigation process on the part of hiring companies can lead to hiring criminals who can steal customer information, defraud the company, and even facilitate terror attacks. In a related case, it was reported that an accused criminal was hired by airport security to screen passengers. Obviously, the airport did not intend to hire a criminal as a security expert and the news that it hired such employee was very negative for the Homeland Security image but the cracks in its hiring practices created this security incident.

This is not different from the wall that Donald Trump wants to build at the US/Mexico border. The majority of people who cross the border to come into the US are honest working people who are pursuing a better life but the fact that immigrants can cross the border so easily without being detected or logged can encourage terrorists to take the same unsecured path that millions take to cross into the United States. The wall may not be the most effective solution but the intent or objective is clear.

There are many reasons why a company would want to establish some type of know your employee processes. As we discussed, criminals can join the workforce for a specific criminal purpose, or applicants may lie about their professional history and be less qualified for the job resulting in lower quality of products or services.

The know your employee process should also monitor employee activities for as long as they remain employed. This is very similar to the know your customer requirement whereby their activities are monitored to detect money laundering and suspicious activities which are reported to the government. Although there is no law similar to KYC for employees, the fact that some employees have access to sensitive data and system features makes is extremely risky for companies. In fact, employees with highly privileged access can cause far more damage to companies that customers who are being monitored  because of the regulation.

In conclusion, it’s important to have a know your employee process that validates the employee identity and background before they are hired and monitors their activities after they are hired for as long as they remain employed. Companies should recognize and manage this veritable and grave risk and not wait for a regulation to dictate what they should be doing.

Apply for the Certified Identity and Access Manager (CIAM) designation to be a recognized expert in a growing field.

Identity and Access Management Certification