The Downside of Fairness
Federal agencies and the courts have advised employers to use experienced outside investigators to ensure compliance with internal controls and implement monitoring and auditing systems designed to detect criminal conduct by employees. The Fair Credit Reporting Act (FCRA), as interpreted by the FTC, undermines the effectiveness of outside investigations, due to various requirements. In sum, FCRA requirements stifle the ability Of outside investigators to thwart employee misconduct by providing the opportunity for wrongdoers to cover their tracks. The FCRA also puts limits on certain procedures performed by auditors, especially those related to complying with ASs 54 and 82.
Presently, it is unclear when 11 particular audit procedure becomes an investigation subject to the FCRA. Until the FCRA is clearly interpreted or amended by Congress, auditors and investigators may confront unreasonable restrictions on certain activities, increased liability exposure, or both.
How the Fair Credit Reporting Act Affects Audits and Other Investigations
Employers often hire outside experts such as independent auditors and forensic accountants to investigate allegations of employee misconduct. Such misconduct includes embezzlement, theft, expense padding, financial statement manipulation, bribery, and money laundering.
When investigating alleged misconduct, employers and outside experts must balance the need to combat financial and other losses with the rights of the suspect. Employers that conduct such investigations have faced charges of defamation, invasion of privacy, intentional infliction of emotional distress, and wrongful termination actions filed by employees accused of occupational fraud and abuse. Now employers and outside experts, including auditors and forensic accountants, could face a new hurdle: potential liability for failure to comply with the Fair Credit Reporting Act (FCRA).
In early 1999, the Federal Trade Commission (FTC), the federal agency that interprets and enforces the FCRA, indicated that various notice, disclosure, and consent requirements contained in the FCRA apply to many types of employee misconduct investigations undertaken by auditors, forensic accountants, lawyers, and other third parties. The various FCRA requirements discourage companies and accountants from undertaking third-party investigations and interfere with their effectiveness at a time when the SEC and other federal agencies virtually mandate corporate compliance programs. One important requirement established by federal Organizational Sentencing Guidelines is that firms "take reasonable steps to achieve compliance ... by utilizing monitoring and auditing systems designed to detect criminal conduct by employees." This requirement and firms' efforts to combat employee fraud in all its forms are all but undermined by the FTC's broad application of the FCRA.
Background on the FCRA
The Fair Credit Reporting Act (FCRA), which took effect in 1971, was enacted to protect consumers from inaccurate or misleading credit reports and from unauthorized disclosure of information in the reports. Heretofore, consumers had no way to discover such problems, because the users of credit reports had no legal obligation to provide them to consumers or disclose that they were being used. Also, credit agencies were not mandated to discard obsolete information or, if inaccurate information was found, to send corrected reports to users.
Consumer reports historically were used to evaluate and minimize the risk of loss in three kinds of events: extending credit, underwriting insurance, and employment decisions. The reports used in credit decisions are usually confined to a person's credit history and information from public records, such as liens and judgments. Reports for insurers and employers usually contain data on an individual's personal characteristics, general reputation, character, lifestyle, criminal record, driving record, and employment history. …