3 days ago
How To Build A Smarter Risk Framework In A Post-Background-Check Era
Darrin Lipscomb is the Founder & CEO of Ferretly, a risk intelligence platform helping organizations adapt to modern compliance challenges.
Institutional risk frameworks are under growing strain, yet many leaders remain unaware of the shifts undermining their effectiveness.
I see this erosion as especially evident (yet overlooked) when it comes to talent and hiring decisions. The average cost of a bad hire ranges from $15,000 to even more, yet traditional screening methods often miss the behavioral red flags that can help predict cultural misalignment and team disruption.
Where Risk Actually Lives Today
Across the United States, we are seeing legislative changes quietly dismantle the legal foundation that compliance systems were built on. Utah's S.B. 70, Maryland's recent conviction reporting restrictions, Washington's 2026 rollout of expanded limitations—these aren't isolated policy adjustments. These structural shifts increasingly render traditional background check frameworks obsolete.
Meanwhile, the real vectors of organizational risk have migrated entirely. Reputation damage now travels at the speed of social media. Cultural misalignment can derail million-dollar partnerships in hours. Brand risk lives in real-time digital behavior, not in historical databases that are being legislated out of relevance.
The result is a dangerous gap where legacy compliance infrastructure, designed for a static world, operates in a dynamic environment where the actual risk signals live elsewhere entirely.
Consider the reality: Companies relying solely on conviction-based screening may miss critical risk indicators because the legal framework no longer permits access to them. Yet the behaviors that generate risk haven't disappeared. They've moved to platforms that legacy systems weren't built to monitor.
It's like trying to drive on the freeway with a speedometer that only works under 25 mph.
Signal Degradation Versus Signal Migration
Criminal records, employment verification and education credentials check what someone did, not what they're doing now or how they operate in real time.
In contrast, public digital behavior can offer more predictive insight into cultural fit, judgment and alignment than a clean background check from five years ago. Social media patterns reveal decision-making processes, communication styles and value systems that directly affect team dynamics.
The shift isn't just cultural—it's operational. Leading companies are supplementing traditional background checks with reviews of candidates' public digital behavior to assess cultural alignment and risk in real time.
Shopify, for example, states that both criminal history and public profile reviews may be part of their hiring process, depending on the role. Not because they're abandoning risk management, but because they recognize where actionable signals live in 2025.
Infrastructure Versus Information
I find that many organizations confuse data collection with system design. They add more checks, more verification steps and more bureaucracy without addressing the underlying infrastructure problem.
Real compliance infrastructure isn't about gathering more information. It's about processing the right information, at the right time, in the right context.
Modern risk requires real-time analysis of behavioral patterns. Therefore, effective risk infrastructure must be predictive, not just historical. It must analyze patterns over isolated events. And it must be built into decision-making workflows, not tacked on as a separate compliance bureaucracy.
Predictive Compliance Architecture
I believe organizations looking to modernize should anchor their risk infrastructure to three key principles.
This involves analyzing ongoing behavioral patterns that predict future alignment or risk. Examples include hostile public commentary, engagement with extremist subcultures, linguistic markers of deception, harassment or trolling and rapid ideological shifts.
Organizations can capture these signals through natural language processing for sentiment and toxicity analysis, visual symbol recognition for meme culture, coded language and timeline-based anomaly detection that identifies concerning pattern changes.
This means that you recognize that risk suggests different things in different roles and cultures. Organizations must assess signals in the context of their organizational values, teams and mission.
For example, a financial controller role likely prioritizes trust, ethics and data integrity, making gambling behavior, cryptocurrency speculation and financial fraud indicators particularly relevant.
On the other hand, a sales executive role emphasizes influence and communication, making manipulative tactics, aggression and toxic humor as more concerning. The framework should start with role values: What values must this person embody publicly and privately? What behaviors most directly undermine those values?
Effective integration makes risk signals part of your operational flow rather than an external process. Low-friction tactics include tagging behavioral summaries inside HR or applicant tracking systems (ATS) profiles, embedding risk indicators in hiring committee review templates and creating dashboard systems with digestible weekly alerts.
Many organizations are piloting automated digital behavior screening solutions for key roles. The vendor landscape is growing, enabling smaller employers to access real-time behavioral insights during hiring.
The Institutional Adaptation Challenge
Government agencies are adapting. Since 2019, U.S. visa applicants have been increasingly expected to provide all social media identifiers. As of July 2025, consular officers may request applicants to make these accounts public for vetting purposes.
Major research institutions such as the RAND Corporation have documented the federal government's exploration of open-source intelligence, including a systematic review of public digital behavior as an additional layer for vetting and personnel security frameworks.
But private sector adaptation remains uneven. The competitive advantage will go to institutions that modernize early, recognizing this shift as a strategic opportunity rather than a compliance burden.
Beyond Compliance: Operational Intelligence
The deeper opportunity is not just compliance but intelligence. When risk infrastructure is designed around real-time behavior and contextual fit, it elevates the entire organization.
Consider a recent example: A technology company caught a candidate with clean criminal records who was actively engaging in harassment campaigns on social media. Traditional screening would have missed this entirely.
The Strategic Imperative
I recommend you start with your highest-risk roles: finance, customer-facing positions and leadership tracks. Pilot digital behavior screening for these positions while maintaining traditional checks as a baseline.
Simply put, with the updated strategies in place, you hire better. You reduce team friction. You prevent reputational landmines before they explode. That's not just a screening upgrade, but a competitive advantage.
Forbes Business Council is the foremost growth and networking organization for business owners and leaders. Do I qualify?
