What laws govern pre-employment due diligence?

The Fair Credit Reporting Act (FCRA) governs background checks. Title VII and EEOC guidance shape criminal history use in hiring. GDPR applies to EU candidates. State ban-the-box laws restrict criminal history inquiries in over 35 US states.

What is FCRA adverse action procedure?

If a background check result may disqualify a candidate, FCRA requires a pre-adverse action notice with a copy of the report, at least five business days for the candidate to respond, then a final adverse action notice.

How does due diligence apply to vendor selection?

Vendor due diligence verifies that an HR technology vendor meets security and compliance standards before sharing employee or candidate data. Key checks include SOC 2 Type II, GDPR DPA, sub-processor list review, and data retention policies.

Can skills assessments be part of due diligence?

Yes. Skills assessments verify a candidate's present capabilities rather than their past record. They create a documented, consistent, job-relevant selection record that supports EEOC compliance and reduces negligent hiring risk.

What is negligent hiring and how does due diligence prevent it?

Negligent hiring holds employers liable when they hire someone with a known harmful history and that person causes harm. Background checks, reference checks, and credential verification create a documented record of reasonable care.

Due diligence in HR: definition and guide (2

Pre-employment due diligence is the verification process applied to candidates before a job offer is finalized.

Summarise this post with:

Due diligence in HR is the systematic investigation of workforce, employment practices, and human capital risks before a major business decision. Applied in M&A people reviews, pre-employment screening, and vendor assessments (SOC2, GDPR, data handling).

Image showing the meaning of due diligence

Three types of HR due diligence

1. M&A due diligence

When a company acquires or merges with another, HR is responsible for reviewing the target company’s entire workforce. According to SHRM, nearly 70% of M&A deals fail to achieve expected synergies, with people-related challenges — cultural misalignment, key-talent attrition, and compensation conflicts — cited as primary causes.

M&A HR due diligence typically covers six domains:

Headcount and org structure: total employees, contractors, and consultants; reporting lines; location distribution
Compensation and benefits: base pay bands, bonus structures, equity grants, pension obligations, and benefit costs per employee
Employment contracts: non-competes, change-of-control clauses, golden parachutes, and collective bargaining agreements
Litigation and compliance: pending or settled employment lawsuits, EEOC charges, wage-and-hour violations, and OSHA incidents
Culture and engagement: voluntary turnover rate over 3 years, engagement survey results, Glassdoor rating trends, and executive retention risk
HR systems and data: HRIS platforms in use, payroll providers, data residency for GDPR compliance, and integration complexity

2. Pre-employment due diligence

Pre-employment due diligence is the verification process applied to candidates before a job offer is finalized. It confirms that the candidate’s credentials, history, and identity match what they have represented. At enterprise scale, this process also protects the organization from negligent hiring claims — a legal standard that holds employers liable if they hire someone with a known harmful history without reasonable verification.

Standard components include:

Background checks: criminal record, employment history, and identity verification. Governed by the Fair Credit Reporting Act (FCRA). Employers must provide a standalone written disclosure and obtain written consent before running any consumer report. If a background check result prompts a hiring decision against the candidate, the employer must send a pre-adverse action notice and allow at least five business days for the candidate to respond before issuing a final adverse action notice.
Reference checks: structured verification of role, tenure, performance, and conduct with former managers. At minimum, verify the last two positions.
Credential verification: degrees, licenses, certifications, and professional registrations — particularly critical for regulated roles (healthcare, legal, finance).
Skills assessment: objective, role-specific testing to verify the competencies a candidate claims. Structured assessments reduce reliance on unverified self-reporting and cut time-to-validate versus manual reference alone.
Credit and financial checks: permitted for roles with fiduciary responsibility in most US states, subject to state-specific restrictions and FCRA requirements.

EEOC compliance note: background check policies must be applied consistently across all candidates for a given role. Blanket exclusions based on criminal history can constitute disparate impact discrimination under Title VII. The EEOC recommends individualized assessments that consider the nature of the offense, time elapsed, and relevance to the job.

GDPR note for international hires: processing personal data for pre-employment screening in the EU requires a legal basis under GDPR Article 6. Consent is rarely the appropriate basis in employment; legitimate interest or legal obligation is more defensible. Retain screening data only for the period necessary, and document your retention policy.

3. Vendor due diligence

Enterprise HR teams purchase dozens of tools: HRIS platforms, ATS, payroll providers, background screening vendors, and assessment platforms. Vendor due diligence verifies that a third-party meets your security, compliance, and data handling standards before you share employee or candidate data with them.

Key checks for HR vendors:

SOC 2 Type II certification (or equivalent) confirming security controls are operational, not just designed
GDPR Data Processing Agreement (DPA) in place if the vendor processes EU personal data
Sub-processor list reviewed and approved
Data retention and deletion policy documented
Incident response SLA and breach notification timelines confirmed
Employment practices of the vendor itself, if using staffing or outsourced HR services

M&A HR due diligence checklist

Use this checklist as a starting framework. Adjust scope based on deal size, industry, and target company geography.

Category	Data to request	Risk if missing
Headcount	Employee census by role, location, type (FTE/contractor/temp)	Misclassified contractors, hidden labour costs
Compensation	Salary bands, bonus history, equity schedule, pension liabilities	Pay equity exposure, retention cost surprises post-close
Employment contracts	All executive agreements, NDAs, non-competes, CBA	Change-of-control triggers, unenforceable non-competes
Litigation	Active EEOC charges, employment lawsuits, wage claims, OSHA violations	Inherited legal liability, reputational damage
Culture and retention	Voluntary turnover rate (3 years), engagement scores, exit survey themes	Key talent flight post-announcement, integration failure
HR systems	HRIS, payroll, ATS, LMS vendors and contracts	Integration costs, data migration risk, GDPR exposure
Benefits	Health, retirement, PTO policies, and cost per employee	Benefits harmonisation cost and employee relations conflict
Compliance	I-9 status, background check policies, drug testing policies	Immigration violations, negligent hiring claims

Legal framework for HR due diligence

Several federal laws directly shape how HR due diligence must be conducted:

Fair Credit Reporting Act (FCRA): governs all background checks conducted by or through a consumer reporting agency. Requires written disclosure, consent, and adverse action procedures. Penalties for willful violations reach $1,000 per incident plus punitive damages.
Title VII (EEOC): background check policies must not result in disparate impact on protected classes. Use individualized assessments for candidates with criminal records.
GDPR / UK GDPR: applies to screening of EU and UK candidates. Requires lawful basis, data minimization, and documented retention periods.
WARN Act: in M&A, if a deal results in layoffs of 50 or more employees, 60-day advance notice may be required. HR due diligence must flag workforce reduction scenarios early.
State ban-the-box laws: over 35 US states restrict when criminal history inquiries can be made. Enterprise HR teams hiring across multiple states need a state-by-state compliance map.

How skills assessment fits into due diligence

Background checks verify the past. Skills assessments verify present capability. For roles where competency is the core hiring risk — not criminal history or credential fraud — structured skills tests are the most direct form of pre-employment due diligence.

Enterprise HR teams using structured assessments as part of due diligence benefit from three compliance advantages:

Documented selection rationale: assessment scores create an auditable record of why a candidate was or was not advanced, supporting EEOC-compliant adverse action decisions
Consistency at scale: every candidate sits the same assessment, eliminating variation from informal reference calls or interviewer bias
Job-relevance defence: role-specific assessments tied to actual job tasks satisfy the EEOC’s “job-related and consistent with business necessity” standard for selection procedures

Validate candidate credentials with Testlify’s pre-employment assessments. Start free trial

Due diligence vs. background check: what’s the difference?

A background check is one component of pre-employment due diligence — the part that searches criminal, credit, and employment records via a consumer reporting agency. Due diligence is the broader process: it includes reference checks, credential verification, skills assessment, and in some cases, social media review. Background checks are regulated by FCRA; due diligence as a whole is shaped by multiple federal and state laws.

Frequently asked questions

HR due diligence is a structured review of workforce data, employment practices, and human capital risks before a major business decision. It applies in three contexts: M&A transactions, candidate hiring, and vendor selection. The goal is to verify facts and surface legal or financial risks before a commitment is made.

M&A HR due diligence covers headcount and org structure, compensation and benefits, employment contracts, pending litigation and EEOC charges, culture and voluntary turnover, and HR systems and data. The goal is to identify people-related liabilities and integration risks before the deal closes.

The Fair Credit Reporting Act (FCRA) governs background checks run through consumer reporting agencies. Title VII and EEOC guidance shape how criminal history may be used in hiring decisions. GDPR applies to candidates in the EU. State ban-the-box laws restrict criminal history inquiries in over 35 US states.

If a background check result may disqualify a candidate, FCRA requires a two-step adverse action process. First, send a pre-adverse action notice with a copy of the report and allow at least five business days for the candidate to respond. Then, if proceeding, send the final adverse action notice with the reporting agency’s contact details and the candidate’s right to dispute.

Vendor due diligence verifies that an HR technology vendor meets your security and compliance standards before you share employee or candidate data. Key checks include SOC 2 Type II certification, a signed GDPR Data Processing Agreement, a reviewed sub-processor list, and documented data retention and deletion policies.

Yes. Skills assessments are a form of pre-employment due diligence that verifies a candidate’s present capabilities rather than their past record. Role-specific assessments create a documented, consistent, and job-relevant selection record that supports EEOC compliance and reduces negligent hiring risk.

M&A HR due diligence typically takes one to two months for a thorough review of a mid-to-large target company. Timeline depends on the size of the workforce, complexity of contracts and benefits, volume of litigation, and availability of HR data in the data room.

Negligent hiring is a legal doctrine that holds employers liable when they hire someone with a known harmful history and that person causes harm to a third party. Conducting background checks, reference checks, and credential verification creates a documented record that the employer exercised reasonable care before making a hiring decision.