My name is Jeff Byal, and I serve as the Chief Financial Officer for Appriss Inc., a global leader in data and analytic solutions. Our mission is to solve some of the most urgent and complex societal and business challenges through the power of data – from fighting corporate and retail fraud, to battling the opioid epidemic, to keeping communities and organizations safe.
I’m not only responsible for our finance, accounting, and treasury operations, but also our legal, compliance, and risk management functions across our organization. Given our global operations, risk mitigation and compliance are mission critical here at Appriss. This structure fully aligns us with our customers, as they manage complex employee and contractor relationships.
Risk mitigation has a direct impact on our financial operations and enterprise valuation. Staying vigilant and cognizant is the right thing to do to ensure our employees are safe, but it also protects our bottom line and, therefore, our ability to best serve our customers.
Risk mitigation at the organization level is complex and multi-faceted; there are several types of risk that we must strategize around. One such risk is workforce risk, and we simply cannot be successful when this type of risk goes unidentified.
Workforce risks are malicious threats stemming from people within the organization, such as employees and contractors—those who have physical access to the workspace and/or to information regarding the organization’s security practices, data, and computer systems. Threats may involve fraud, theft of confidential information/intellectual property, or the sabotage of computer systems. Threats also include workplace violence or other physical acts that can harm an organization and its personnel.
Not surprisingly, unidentified workforce risk can have a profoundly negative impact on an organization, often resulting in financial harm, loss of customer loyalty, loss of brand value, reputational damage, and, unfortunately, human tragedy.
These threats are quite common. Generally, workforce risk mitigation has multiple layers and involves having the appropriate security-driven processes, procedures, and safeguards in place—as well as maintaining constant vigilance by functional teams such as HR, Legal/Compliance, Corporate Security, and Risk Management.
Workforce risk is so common, in fact, that following a 2015 study of over 400,000 employees, we found that 12% of the workforce is likely to be arrested over the next 5 years and 20% arrested over the next 7 years. Now, an arrest certainly does not automatically equate to a threat to that person’s organization. But those are big numbers that have the potential to equate to very real, very harmful events that have the potential to destroy a business and/or endanger its most important asset: its employees.
Additionally alarming statistics tell us that:
- 65 million people–one in four adults–have criminal records. (source)
- The average cost of a poor hiring decision can equal 30% of the first year’s potential earnings. (source)
- In 2016, occupational fraud cases caused losses of over $6.3 billion nationally. (source)
Without a crystal ball, we will never know exactly where risk will stem from or when threats will occur. But, we have chosen to implement a data-driven safety solution that helps us identify potential workforce risk based on employees’ criminal behavior. Risk Intelligence confidentially alerts pre-determined Appriss personnel—in real time—when an employee is arrested and incarcerated in the United States.
We know first-hand the benefits of such a solution, as Risk Intelligence is offered through one of our three business units, Appriss Safety. Yes, we practice what we preach. Built off of Safety’s nationwide incarceration database, it’s a solution typically offered to organizations through background screening companies.
Having been in this industry for over two decades, I can tell you with confidence that this is cutting edge. The majority of my professional and industry peers utilize pre-hire background screening for job candidates. Some re-check their current workforce on a periodic basis. But this idea of continuously monitoring your workforce for criminal activity is a game-changer. For example, if your child’s school bus driver is arrested for a DWI on Friday night, posts bail, and is back to work driving your child to school Monday morning—that is an extremely risky, and now very avoidable, situation. And now that this exists, and some of the biggest names in U.S. business are jumping on board, I can only assume that the pressure will begin to mount in all industries to implement this next level of mitigating enterprise risk and ensuring workplace safety.
Continuous Monitoring at Appriss
Like many companies, Appriss has instituted a self-reporting policy. Meaning, if an employee is arrested, they must self-report to the company. Unfortunately, these policies are extremely hard to enforce, as there has never been a reliable, efficient avenue where companies could access this arrest information, and therefore confirm that employees are complying with the policy.
It may seem as though Risk Intelligence and its continuous monitoring capabilities would be most crucial for public-facing positions, and jobs that work with vulnerable populations, such as children or the elderly. And I would agree, but I believe that every industry can benefit from such knowledge. Risks are blind to industry, job title, and organizational tenure. As such, we made the decision to apply continuous monitoring to Appriss’ entire workforce. The thought process is simple, if we are going to be the stewards of such a high volume of sensitive data, we must take every precaution available to us to mitigate workforce risk. Continuous monitoring also helps us facilitate a safer work environment—an invaluable benefit—and helps us uphold our “ICARE” values: Integrity, Customer-Driven, Accountability, Respect, and Excellence.
I’ve been asked by some in the industry if Appriss has been faced with any internal backlash from employees, regarding confidentiality. Is it too “big brother”? The answer is no. There are only a select few individuals in HR and Legal who receive an employee’s arrest alert. The information goes nowhere until we can conduct a proper investigation on our end, and conclude that it poses a threat to our business and/or our employees. The arrest may be deemed “not applicable” to that employee’s position. For example, I don’t care if one of our engineers is arrested for jay-walking. I do care if he is arrested for embezzlement. We don’t want to ruin reputations. The idea here is not to be punitive—just to be safe and keep bad actors out of our organization. Explaining it this way to our employees was important, and it resonated with them. My team received no employee push-back when we implemented the policy and program, as this seemed such a logical extension of our core values and mission.
Like most organizational initiatives, there are of course legal hurdles to work through and policies and procedures that need to be adopted prior to implementation, but continuous monitoring is the next frontier in workforce risk management, and there is no going back. There is such a sense of security here at Appriss on behalf of the executive team and our employees—knowing that we are continuously monitoring for risky criminal behavior. This single act of caution has the power to strengthen our business and further ensures the physical safety of our employees.