=
The FCRA Checklist Every Hiring Manager Should Print and Tape to Their Desk
Estimated reading time: 6 minutes
Key takeaways
- Always use a standalone disclosure and obtain written authorization before ordering any employment consumer report.
- Follow pre-adverse and adverse action steps precisely: provide the report + Summary of Rights, allow a response period, then send a compliant adverse-action notice if needed.
- Layer state and local rules on top of the FCRA and centralize templates and automation to ensure consistent compliance.
Table of contents
- Quick FCRA overview that matters to you
- The FCRA checklist every hiring manager should print and tape to their desk
- How to implement key steps correctly (what hiring teams get wrong)
- What a compliant pre-adverse and adverse action workflow looks like
- Practical tools and checklist text you can print
- Practical takeaways for HR leaders and hiring managers
- Common scenarios and how to handle them
- Conclusion
- FAQ
Quick FCRA overview that matters to you
The Fair Credit Reporting Act (FCRA) governs how consumer reporting agencies (CRAs) prepare and furnish consumer reports and how employers use them. Employment background checks are consumer reports under the FCRA.
Employers are “users” of consumer reports and must: have a permissible purpose (employment); provide a standalone disclosure; obtain authorization; and follow required adverse action procedures.
Important: Several states and localities add specific restrictions or procedural steps — always layer state/local rules on top of FCRA obligations.
The FCRA checklist every hiring manager should print and tape to their desk
Use this as your step-by-step, at-the-desk reminder. Each line is a legal and practical control point.
Disclosure: Standalone, written disclosure before ordering a report
Provide a clear, standalone disclosure that you will run a consumer report for employment purposes. Do not bury this in an application or combine it with other consent items.
Written authorization: Obtain signed permission
Get the applicant’s written consent after the disclosure. Electronic signatures are allowed if they’re captured securely.
Confirm permissible purpose and certify to your screening vendor
Verify you have a permissible purpose (employment) and that you will follow adverse action rules when ordering the report. Most CRAs require this certification.
Identity verification: Match candidate identifiers before ordering
Confirm full name, DOB, current/previous addresses, and SSN (or partial SSN) to reduce mis-matching and false positives.
Select appropriate report scope for the role
Choose criminal, driving, education/employment verifications, and credit-based checks (only when job-related or permitted) based on job duties and legal limits.
Screen with state/local law in mind
Check for state/local bans (e.g., ban-the-box), timing restrictions, conviction-only rules, or limits on credit checks and salary history.
Review the report promptly and document findings
Compare report data to the candidate’s application. Flag discrepancies and note who reviewed and when.
Pre-adverse action: Provide candidate a copy and Summary of Rights before adverse steps
If considering rescinding or changing an offer due to the report, give the candidate a copy of the consumer report and the FCRA Summary of Rights, plus a reasonable time to respond (commonly 5 business days).
Adverse action: Send a compliant adverse action notice if you proceed
After taking adverse action, send a notice that includes: the CRA’s name, address, and phone; a statement that the CRA did not make the decision; notice of the consumer’s right to dispute; and notice of the right to obtain a free report within 60 days.
Recordkeeping: Keep copies of disclosures, authorizations, reports, and notices
Retain records in a secure, access-controlled location for the period required by law and your policies.
Train hiring staff and document procedures
Ensure everyone involved in hiring knows the workflow, who sends notices, and where records are stored.
Handle disputes quickly and fairly
If a candidate disputes information, pause adverse action decisions, notify your CRA, and document follow-up steps.
Don’t use report data beyond the permissible purpose
Do not repurpose employment consumer reports for tenant screening, marketing, or other non-permissible uses.
Review your policies periodically and update for law changes
Reassess forms, vendor contracts, and procedures annually or when laws change.
How to implement key steps correctly (what hiring teams get wrong)
Many violations come from small, repeatable mistakes. Below are the most common pitfalls and how to fix them.
- Mistake: Combining disclosure with other documents.
Fix: Use a standalone disclosure that plainly states you may obtain consumer reports for employment. Follow immediately with a separate authorization form. - Mistake: Failing to provide a copy of the report before adverse action.
Fix: Always give the candidate the actual report and the Summary of Rights before taking adverse action; allow a reasonable response period. - Mistake: Inconsistent practices across recruiters or locations.
Fix: Standardize templates and automate delivery of disclosures, reports, and notices through your ATS or screening vendor. - Mistake: Ignoring state/local variations.
Fix: Maintain a location-based rule checklist and configure your screening workflow to apply state rules automatically.
What a compliant pre-adverse and adverse action workflow looks like
Follow this sequence to reduce legal exposure and keep hiring moving.
- Candidate applies and you decide to screen.
- Provide standalone disclosure and get written authorization.
- Order the report with vendor certification of permissible purpose.
- Review report. If negative info may affect the offer, issue a pre-adverse action package:
- Copy of the consumer report
- FCRA Summary of Rights (must accompany the report)
- Reasonable time to respond (standard practice: 5 business days)
- After the candidate’s response window:
- If you proceed with adverse action, send an adverse action notice with required FCRA elements.
- If you change outcome based on a correction, document the basis and proceed accordingly.
Practical tools and checklist text you can print
Paste this short version onto a sticky note or printer-friendly card:
Provide standalone disclosure → Get written authorization
Verify candidate identity before ordering
Select job-appropriate report; apply state/local rules
Order report; certify permissible purpose to CRA
Review report; document discrepancies
If adverse: send report + Summary of Rights (pre-adverse) → allow reasonable time
If adverse action follows: send required adverse action notice with CRA info
Keep records; handle disputes; update policies annually
Practical takeaways for HR leaders and hiring managers
- Centralize compliance controls: Put disclosure and adverse-action templates in your ATS and limit who can order reports.
- Automate for consistency: Use your screening vendor’s automated notification tools so pre-adverse and adverse notices are delivered and logged correctly.
- Train and audit: Regularly train recruiters and hiring managers, then perform quick audits of a sample of hires to verify the FCRA steps were followed.
- Treat disputes as process signals: A candidate dispute can indicate a mismatched identity or outdated public-record information—use disputes to improve identity verification and vendor matching.
- Keep legal counsel involved for complex cases: If a report contains sealed records, expungements, or jurisdiction-specific restrictions, consult compliance counsel before acting.
Common scenarios and how to handle them
Scenario: Applicant disputes report after you rescinded an offer.
Response: Document receipt of dispute, notify your CRA promptly, pause further adverse actions, and consider reinstatement if the issue materially changes the decision.
Scenario: Local “ban-the-box” law prohibits asking about criminal history early in the process.
Response: Delay criminal-history questions and criminal-screening orders until the permissible stage; ensure your pre-disclosure aligns with local timing rules.
Scenario: Report contains a name match but different DOB/SSN.
Response: Treat as a potential mismatch. Re-verify identity with the candidate and request vendor reinvestigation before making adverse decisions.
Conclusion: Keep the FCRA checklist where you can see it
The FCRA checklist every hiring manager should print and tape to their desk isn’t just a compliance exercise — it’s a practical tool to make hiring faster, fairer, and less risky. Follow the disclosure, authorization, pre-adverse, and adverse action sequence reliably, layer state and local requirements over federal rules, and maintain clear records. These habits reduce legal exposure and improve candidate experience.
If you’d like a printable version of this checklist or want help configuring compliant workflows and automated notices across your ATS, Rapid Hire Solutions can help you translate these steps into templates, training, and vendor integrations tailored to your locations and roles.
FAQ
What must be included in the standalone disclosure?
Answer: The disclosure must clearly state that you may obtain a consumer report for employment purposes and be presented as a separate document from other forms. It should be plain language and precede the authorization.
How long should I give a candidate to respond to a pre-adverse package?
Answer: The FCRA does not prescribe a specific number of days, but common practice is to allow 5 business days. Document the response window and any extensions you grant.
Do state and local rules ever override the FCRA?
Answer: State and local laws can impose additional requirements or restrictions. They do not invalidate the FCRA but must be layered on top of federal obligations. Maintain a location-based checklist and update procedures accordingly.
What records should I retain and for how long?
Answer: Keep copies of disclosures, authorizations, consumer reports, pre-adverse and adverse notices, and documentation of decisions. Retention periods vary by jurisdiction and policy—retain records in a secure, access-controlled manner per your legal and internal requirements.