The Employer’s Guide to Navigating Background Check Compliance

The FCRA is the federal law governing background check providers, which the law calls consumer reporting agencies (CRAs), and the employers who use their reports. Checkr, for example, is a CRA, and background checks ordered by Checkr customers are regulated by the FCRA. If you send your own employees to the county courthouse, the FCRA doesn't apply. See law.

Because of the complexities of running background checks and the high overhead cost of manually managing a screening program, many employers choose to order verifications through a CRA—whether they run 10 or 1,000 checks per year. And so, the FCRA should be top of mind for most hiring managers.

Most FCRA class actions against employers fall into one of two buckets. Knowing the shape of each is the best prevention.

The lawsuit is almost always the same: the required disclosure wasn't clear and conspicuous, wasn't standalone, or contained "extraneous language."

Pro tip: Checkr provides built-in compliance tools that automate proper disclosure and authorization form creation for every background check—making it simple to avoid this common mistake.

Most adverse action lawsuits come from two specific failures: no pre-adverse notice sent, or the employer didn't wait the required window between pre-adverse and final notices.

You can improve your adverse action compliance by making sure your team always follows these steps when taking adverse action to comply with the federal FCRA. (Ban the Box laws in the states where you hire may add additional stipulations to this process, such as specific disclosure forms or longer waiting periods.)

The US Equal Employment Opportunity Commission (EEOC) enforces federal civil rights laws that make it illegal to discriminate against a candidate or an employee because of the person’s race, color, religion, sex (including pregnancy, gender identity, and sexual orientation), national origin, age (40 or older), disability, or genetic information. See law.

The EEOC suggests employers consider information in background checks, especially criminal records, based on an individualized assessment. This generally means that an employer informs the individual that they may be excluded because of past criminal conduct; provides an opportunity for the individual to demonstrate that the exclusion does not properly apply to them; and considers whether the individual’s additional information shows that the policy as applied is not job related and consistent with business necessity.

Ban the Box started as a push to remove criminal-history checkboxes from job applications. It's now a patchwork of laws, policies, and ordinances (often called Second Chance or Fair Chance laws) that govern when in the hiring process an employer can ask about or run a criminal background check.

37 states, Washington DC, and more than 190 cities and counties now have Ban the Box policies on the books. Coverage varies: some apply only to public-sector employers, many extend to private-sector employers above a headcount threshold, and a handful apply universally.

The 2026 State of Screening Compliance Report found that 58% of HR leaders at large organizations say applying consistent screening processes across regions, business units, or roles is difficult. Ban the Box is a big part of why.

"We streamline the process for our hiring managers and eliminate compliance errors by pre-building packages. The packages within Checkr and the integration with [our ATS], Hospitality Online, eliminate guesswork and concern for compliance.”

Matthew Siebert

Director of Human Resources, First Hospitality

Read case study

Hiring fraud shows up long before most candidates complete a background check. It shows up at the application, at the phone screen, on the interview video call. Synthetic identities, AI-generated credentials, deepfake interviewees, and candidates applying as someone else have moved the fraud problem upstream of the checks that used to catch it, and compliance owns a share of the exposure.

The numbers are catching up to the pattern. As of early 2026, only 31% of CHROs say they are extremely confident in their organization's ability to prevent hiring fraud. In a separate survey of hiring managers, 25% reported losses over $50,000 in the past year from hiring or identity fraud.

The temptation is to hand this to security or IT. That misses what fraud actually does to your compliance posture:

Identity verification (IDV) is a separate check from the background check. It confirms that the candidate is who they say they are, before the FCRA process begins. A complete IDV check has three components that work together:

The argument for putting identity verification before the background check is mostly a compliance argument, not a fraud argument. If IDV fails, the background check isn't run, which means no FCRA report exists on a false identity, no authorization was collected from the wrong person, no adverse action workflow is spun up for a record that doesn't belong to the candidate.

The three steps verify different things, and each depends on the one before it being true.

IDV anchors the other two. A background check run on a verified identity is a report you can act on. A background check run on a stolen or synthetic identity is a liability.

With Checkr, IDV can be automatically run as an optional step before the background check begins. If the candidate passes, the background check starts automatically with pre-filled, verified data from the ID. If the candidate fails, the background check isn't initiated.

While there are some steadfast aspects to background check compliance, like the federal FCRA, state and local jurisdictions are passing new legislation all the time that could influence how employers conduct screenings and mitigate risk.

Let’s take a look at a few types of legislation trending across the US that could have implications for your background check compliance. For all of the latest 2026 updates, check out this guide.

I-9 and E-Verify requirements are becoming more complex as both federal and state regulations evolve. In 2026, updated ICE guidance narrowed which Form I-9 errors are considered correctable, meaning more omissions and documentation issues may now trigger immediate fines. At the same time, a few states (notably Ohio and Illinois) are taking different approaches to E-Verify—some adding employer obligations around mismatch handling, others requiring its use in specific industries.

Even employers outside states with new legislation should pay attention. As more jurisdictions introduce their own rules for employment eligibility verification, organizations may need to revisit onboarding workflows, recordkeeping practices, and E-Verify procedures to reduce compliance risk and keep pace with changing requirements. Learn more.

The FCRA sets federal limits on credit history checks to seven years—but it’s becoming more and more common for states to add their own regulations to these types of screenings. Currently, 11 states, Puerto Rico, and four municipalities have restrictions on the use of credit information in hiring decisions. If these requirements are violated during an employment background check, you could face significant civil and fiscal penalties.

Notably, New York State significantly restricted employer use of credit history beginning in April 2026. New York employers should update their screening programs to remove credit checks unless they clearly fall within one of these statutory exceptions. Learn more.

Complex web of laws and screening regulations makes compliance challenging

FCRA

Legality of marijuana

Ban the box

Salary history

Credit history

FCRA is a federal law governing how companies order and consider information contained in a background check. It covers all 50 states, plus Washington DC and Puerto Rico.

47 states plus Washington DC have enacted laws that make medicinal and/or recreational marijuana use legal for adults under at least some circumstances.

37 states and 190 cities/counties have enacted Ban the Box laws that vary greatly based on scope, nature, location and and jurisdiction, but generally restrict some employers from asking about a candidate’s criminal history on initial job application forms.

19 states and 19 cities/counties, plus Washington DC and Puerto Rico, have enacted salary history laws that vary based on location and jurisdiction, but generally prohibit employers from asking for previous salary information.

11 states and 3 cities, plus Washington DC and Puerto Rico, have enacted laws that restrict the use of credit information in hiring decisions.

Adjudication is the process in which a company reviews background checks against the company’s hiring policies to make an assessment on whether to hire a candidate. This may seem straightforward, but each adjudication action can significantly delay the hiring process if you don’t provide your team with clear guidelines for consistent decision-making.

A recent Checkr survey found that the number of HR teams with dedicated adjudication teams has dropped from 18% in 2024 to just 8% in 2026. Meanwhile, 60% of compliance work now sits with general HR or onboarding teams, and two-thirds of those teams absorbed the added complexity without a headcount or budget increase. Adjudication is increasingly being done by generalists who also own onboarding, benefits, and everything else. Workflows have to carry the weight that specialists used to.

Background checks can be an area of concern for candidates, and your candidates’ experience can get sidelined if workflows are clunky, communication is poor, or worst of all—your reports are incomplete or inaccurate.

Excellent compliance helps support a positive candidate experience and keep great talent in your pipeline.

Whether you’re hiring your 1st or 10,000th employee, working with a background check partner like Checkr makes it easy to maintain compliance, mitigate risk, and hire qualified talent for your team as you grow.

When choosing a background check partner, look for the following features that can help you manage compliance and keep your checks on track.

Checkr helps employers simplify background check compliance with flexible, easy-to-use workflows designed to support hiring at any scale. From adjudication and adverse action to candidate communication, Checkr helps hiring teams and employers reduce risk, improve consistency, and stay aligned with evolving federal, state, and local requirements. With customizable screening tools, faster turnaround times, and 200+ ATS/HRIS integrations, you can fill roles with the best candidates—no matter how fast you need to move.

Checkr’s compliance engine helps customers create streamlined, easy-to-use workflows that align with applicable federal, state, and local laws, as well as your own background check policy and hiring criteria. From candidate communication and adjudication to adverse action, Checkr provides employers who hire at any scale the tools they need to mitigate risk.