Hiring teams increasingly talk about risk assessment as a required part of responsible growth, especially in roles with access to money, data, payments, vendors, or approvals. The most common tool organizations rely on is the background check. It is familiar, measurable, and easy to place into a hiring workflow.
But there is a problem. Background checks confirm what is already documented. Fraud risk often is not documented until after the damage is done.
This article explains what the data says about background checks, why clean results can be misleading, and why integrity testing can strengthen hiring decisions as part of a structured risk assessment process.
Background checks are common, but usually come back clean
In the referenced 2024 data, 57% of victim organizations ran background checks on perpetrators before hiring them. The most common checks were employment history (47%) and criminal checks (43%).
Other background checks were also used, including education verification (30%), reference checks (30%), credit checks (20%), and drug screening (13%).
This sounds like a strong control environment. The issue appears in the outcome.
In 84% of the cases where a background check was run, the check did not reveal any existing red flags.
In 16% of cases, the background check did reveal prior activity that could have served as a warning sign, yet the organization hired the person anyway.
The implication is straightforward. Many organizations are investing time and money into screening, but the screening often does not identify risk before hire. Even when it does, decision-making does not always act on the findings.
Why background checks miss risk, even when you do them right
A background check is designed to answer history-based questions.
- Is the identity consistent?
- Is the employment history accurate?
- Is there a known criminal record that appears in the databases searched?
That makes background checks valuable for verification and compliance. But fraud risk frequently sits outside what a background check can reliably detect.
The 2024 data highlights this limitation. When checks are run, they typically reveal nothing actionable, which reinforces that many occupational fraud perpetrators do not have a documented fraud-related criminal or employment history that would appear as a red flag in a standard check.
A clean background check often means only one thing. There was no documented history available to find.
A second blind spot: credentials do not equal low risk
Many hiring processes unintentionally treat education and professional polish as a proxy for trust. The data challenges that assumption.
In the report’s findings, more than two-thirds of fraudsters had at least a university degree.
The report also shows higher median losses among more educated perpetrators.
- University degree: 52% of cases, 180,000 dollars median loss
- Postgraduate degree: 15% of cases, 250,000 dollars median loss
- Some university: 14% of cases, 100,000 dollars median loss
- High school graduate or less: 19% of cases, 89,000 dollars median loss
This does not mean education causes fraud. It means that degrees, seniority, and confidence should not be mistaken for a risk control. In many roles, higher capability and higher trust can increase the potential impact of wrongdoing.
Where integrity testing improves results: measuring risk that has no record
If background checks validate history, the gap is obvious. Risk can exist without a history.
That is where integrity testing becomes useful as part of hiring risk assessment.
Integrity tests are designed to evaluate behavioral and ethical risk indicators that a background check cannot detect because they are not dependent on documented events. Instead of asking what happened in the past that got recorded, integrity testing helps assess how likely someone is to rationalize policy violations, misuse access, or take shortcuts under pressure.
Used properly, integrity testing can help organizations:
- Add a consistent, role-relevant risk signal when background checks return no findings
- Standardize decision inputs across hiring teams, which reduces purely subjective judgment
- Treat screening as a measurable risk assessment layer, not a checkbox
Integrity tests should not replace background checks. The best practice approach is layered. Use background checks for verification, and integrity testing for behavioral risk assessment.
A practical, risk-based hiring process
If you want better screening outcomes, the workflow needs governance, not just tools. A practical model looks like this.
1) Tier roles by risk exposure
Not every role needs the same screening depth. Define tiers based on access, autonomy, and ability to override controls.
2) Run background checks for verification
Keep background checks focused on what they do best: identity and credential validation and history confirmation.
3) Add integrity testing as the behavioral risk layer
Use integrity testing to evaluate non-history-based risk indicators, especially for roles with financial authority, sensitive systems access, procurement influence, or limited supervision.
4) Define what happens when you find risk
The data shows that in 16% of cases, a warning sign was found and the candidate was hired anyway. That is a governance issue.
A strong process defines in advance:
- Which findings are disqualifying
- Which require escalation
- Which can be mitigated with restricted access and enhanced oversight
Background checks are necessary, but not sufficient
Background checks remain a valid hiring control, but they are often misunderstood as a fraud-prevention solution on their own. The 2024 data shows that when checks are run, most reveal no red flags (84%), and even when red flags exist, organizations may still hire (16%).
If your organization is serious about risk assessment in hiring, the objective should be to build a layered system. Use background checks to verify, integrity testing to assess behavioral risk, and clear governance so findings lead to consistent decisions.
FAQ
Are background checks still worth doing?
Yes. They are valuable for verification. The issue is treating them as sufficient for fraud risk screening when they often return no actionable findings.
What does it mean if a background check comes back clean?
It often means there was no documented history available to find, not that risk is absent. The data shows 84% of checks revealed no existing red flags.
Why include integrity tests in hiring?
Integrity testing can assess behavioral and ethical risk indicators that are not captured by record-based screening, which strengthens the overall risk assessment process.
Does education reduce fraud risk?
Not necessarily. More than two-thirds of fraudsters had at least a university degree, and median losses increased with education level in the referenced data.
The article is based on data taken from – www.acfe.com – link