Gaps in trust: Why background checks must evolve

By Michael Tapling

The case of Matt Weiss, former NFL and University of Michigan assistant football coach, brought to light a stark and often under-examined risk in workforce governance: the long-tail impact of insufficient vetting and oversight. In 2023, Weiss was placed on leave and subsequently dismissed after allegedly accessing university email accounts without authorisation. The nature of the data involved—private communications and, reportedly, intimate content belonging to athletes—intensified scrutiny, raising urgent questions about how individuals gain and maintain access to sensitive systems and communities.

While the details of this particular case continue to unfold, the broader message is unambiguous: trust, once given, cannot be assumed to remain intact. Hiring protocols, especially at senior or sensitive levels, must be designed not only to verify competence but to anticipate risk. This is not a fringe concern—it is a central issue in organisational resilience.

Building a screening framework that holds up

Too often, background checks are seen as transactional—a compliance requirement rather than a strategic risk control. But the reality is, the quality of your people defines the integrity of your operations. A rigorous framework should include:

• Criminal record checks: Access to criminal records varies by country, but employers should pursue the fullest legally available checks. Where appropriate, this may include overseas convictions or public regulatory disclosures. The aim is to establish a clear, lawful picture of an individual’s suitability for the role—particularly where trust and access are key.
• Verification of identity and credentials: Automated document checks alone are insufficient. Manual validation against issuing authorities, where possible, adds necessary assurance.
• Employment history and reference validation: Titles and dates don’t tell the full story. Direct reference interviews provide nuanced insight into conduct, trustworthiness, and behavioural red flags.
• Financial background analysis: Creditworthiness checks can surface undisclosed financial pressures—often a precursor to fraud or coercion risk.
• Online behaviour and reputational risk reviews: Publicly available digital content may indicate ideological extremism, discriminatory attitudes, or patterns of harassment that would not surface in formal records.
• Global sanctions and watchlist screening: Names must be checked across a wide range of databases—OFAC, EU, HMT, UN, World Bank—and monitored regularly, not just at entry.
• Adverse media and litigation traces: Civil litigation histories, regulatory actions, or repeated mentions in adverse press should inform the risk profile of a candidate, particularly in fiduciary or governance roles.

Continuous screening: A necessary evolution

One of the most persistent myths in risk management is that screening is a one-off exercise. In reality, risk is dynamic. People change. Circumstances shift. Without a mechanism for reassessment, even the best hiring decision can become a latent threat.

An effective ongoing screening strategy should:

• Track legal and criminal status changes: Ongoing criminal activity or inclusion on new sanctions lists must trigger alerts and action.
• Monitor emerging financial instability: Sudden changes—defaults, bankruptcies, liens—may indicate heightened vulnerability to misconduct.
• Adapt to shifting regulatory requirements: Particularly in sectors like financial services, healthcare, and aviation, obligations evolve. So must compliance procedures.
• Correlate access and risk profiles: Aligning re-screening protocols with access privileges allows for early detection of insider threats or privilege misuse.

Structural weaknesses have operational consequences

What the Weiss incident exemplifies is not a failure of ethics alone—it is a failure of process. If access had been more tightly controlled, if risk indicators had been flagged earlier, it’s possible the outcome would have been different. Systems failed quietly, and over time. The implications for business leaders are clear: prevention must be systematic, not reactive.

The reputational costs of misconduct, the regulatory fallout, and the internal disruption are all measurable. So too are the benefits of intelligent screening infrastructure: lower attrition, reduced fraud exposure, and strengthened stakeholder confidence.

Conflict International: A strategic partner in risk resilience

Conflict International works with clients globally to design and deliver robust, sector-specific screening programmes that go beyond the conventional. We apply investigative rigour, multi-jurisdictional capability, and up-to-date regulatory intelligence to support effective workforce risk management.

Whether you’re re-evaluating your current process or developing a more agile rechecking strategy, we can help build a framework that protects both people and reputation.