Our website uses cookies

By continuing to browse the site, you are agreeing to our use of cookies.

Accept Find Out More
Back to Resources

FCRA Compliant Background Check Companies: What Employers Need to Know

Articles
Compliance & LegislationEmployer Resources
June 10, 2026
Share:
Important: The information in this article is intended for general guidance for employers and hiring professionals. It is not legal advice, and organizations should consult their legal or compliance advisors when developing hiring or background screening policies. If you are an individual looking to obtain a background check on yourself or inquire about a background report, please contact the screening provider that performed the report or the employer who requested it. Justifacts provides screening services for employers and does not process personal background check requests through this website.

If you're vetting background check vendors, "FCRA compliant" is probably a phrase you've seen on a lot of websites. Every company claims it. And to be fair, operating under the Fair Credit Reporting Act is the baseline requirement for any screening provider working with U.S. employers. So the question worth asking is what FCRA compliance actually means in practice, and what to look for when evaluating vendors.

This article breaks down what FCRA compliance requires of background check companies, what it requires of employers, and what separates providers that take compliance seriously from those that treat it as a checkbox.

Quick Answer

FCRA compliant background check companies are consumer reporting agencies (CRAs) that conduct employment screening in accordance with the Fair Credit Reporting Act. For employers, that means working with a provider that follows legally required procedures around consent, adverse action, data accuracy, and dispute resolution. Choosing an FCRA-compliant partner means building a hiring process that's defensible and consistent.

Table of Contents

What the FCRA Actually Requires of Background Check Companies

The Fair Credit Reporting Act was enacted in 1970 and has been amended several times since. When it comes to employment screening, it governs how consumer reporting agencies collect, use, and share background information.

For a screening company to operate in compliance, they need to follow 4 core requirements:

Maintain Reasonable Procedures for Accuracy

The FCRA requires CRAs to follow reasonable procedures to ensure the information they report is accurate. That means verifying records, not just pulling raw data and passing it along. A court record showing a charge that was later dismissed should reflect that. Providers without quality control processes in place are an FCRA liability waiting to happen.

Provide Dispute Resolution

If a consumer (the job applicant) believes their report contains an error, the CRA is legally required to investigate and correct inaccurate information within 30 days. This is a meaningful operational requirement, and not every vendor has a proper process for it.

Follow Permissible Purpose Rules

CRAs can only provide background reports when there's a legitimate permissible purpose, and employment is one of them. There are specific rules around how that purpose is documented and maintained.

Provide Summary of Rights

When an adverse action is being considered based on a background report, the applicant has rights under the FCRA. A compliant provider will furnish the required "Summary of Rights" documentation to support the employer's adverse action process.

What FCRA Compliance Requires of Employers

This part often gets overlooked. FCRA compliance covers both the screening company and the employer. Employers carry their own set of obligations under the law, and a good background check provider should be helping them meet those obligations.

The FCRA requires employers to obtain written consent from the applicant via a standalone disclosure document, separate from the employment application. If a hiring decision is being considered based on the report, employers generally need to send a pre-adverse action notice along with a copy of the report and the Summary of Rights before making a final decision, giving the applicant a chance to dispute inaccurate information. A final adverse action notice follows if the decision stands.

For certain convictions, particularly in states with ban-the-box laws, an individualized assessment may also be required before making an adverse decision, considering the nature of the offense, how long ago it occurred, and its relevance to the position. Look for a provider whose platform and team actively support your adverse action workflow rather than leaving that process entirely on your HR team.

How to Evaluate Whether a Background Check Company Is Truly FCRA Compliant

Saying "we're FCRA compliant" is easy. Here's what to actually look for.

Accreditation Through PBSA

The Professional Background Screening Association (PBSA), formerly NAPBS, offers accreditation for screening companies that meet rigorous standards around compliance, data security, and operational quality. Earning PBSA accreditation is one of the clearest signals that a provider takes compliance seriously. Only a small fraction of background screening companies have earned it — making it a meaningful differentiator when comparing vendors.

Transparency Around Data Sources

Where is the data coming from? A compliant provider should be able to explain their sourcing clearly, whether that's direct county court research, commercial databases, or a combination. Providers relying solely on instant database searches are more likely to surface stale or inaccurate records.

Adverse Action Support and Dispute Resolution

Ask whether the platform has built-in adverse action workflow tools and what the dispute resolution process looks like. How long does resolution take, and who manages it? These are practical questions worth asking directly before signing on with any provider.

Dedicated Compliance Resources and Data Security

Does the company have in-house compliance staff? Do they update their practices when state laws change? The FCRA also has provisions around disposing of consumer information properly, so a compliant provider should have documented data security and retention policies, not just a general claim of compliance on their homepage.

Employer Considerations When Choosing an FCRA Compliant Vendor

Beyond the compliance basics, here's how to think about vendor selection from a practical hiring standpoint.

Your Volume and Turnaround Needs

A 10-person company and a 500-person company have different requirements. Some providers are built for enterprise volume. Others, like Justifacts, focus on small-to-midsize employers where the relationship and flexibility matter as much as the technology.

ATS Integration

If your team runs hiring through an applicant tracking system, look for a provider that integrates directly. It removes manual handoffs and reduces the chance of compliance steps getting skipped.

Account Management

This is more important than it sounds. If you have a compliance question at 3pm on a Wednesday, can you call someone who knows your account, or are you in a support queue? For HR teams without dedicated legal counsel, a responsive and knowledgeable account manager is a genuine compliance resource. It's also worth asking how long account managers have been with the company, because high turnover means constantly re-explaining your process to someone new.

State-Specific Expertise

FCRA is federal law, but many states layer additional requirements on top, including shorter lookback periods, restrictions on credit checks, and mandatory waiting periods before adverse action. If you hire in Pennsylvania, California, New York, or Illinois in particular, state compliance adds real complexity. Your provider should know these rules cold.

Compliance Considerations

A few things worth flagging as you build your screening policy.

The FCRA establishes federal standards, and state laws in places like California, New York, and Massachusetts go considerably further than the federal standard. Background check authorization forms have also become a target for class action lawsuits, specifically over disclosures that included extraneous information or were bundled with other onboarding documents. Keep the disclosure clean and standalone.

On the data side: most negative information (except certain convictions) can't be reported after 7 years under the FCRA. Your provider's accuracy procedures should catch this automatically, but it's worth confirming. And if you're running employment credit checks, those carry additional federal and state restrictions. Several states prohibit them entirely for most positions, and your provider should flag when a credit check may not be permissible for a given role or location.

All of this is general guidance. Your legal or HR compliance advisor should review your specific screening policies and authorization forms.

How Justifacts Approaches FCRA Compliance

Justifacts has been operating as a background screening company since 1982. That kind of tenure matters in a compliance-heavy industry. The FCRA has been amended multiple times over the decades, and state laws change frequently. A company that's been navigating those changes for 40+ years has institutional knowledge that newer providers are still building.

Every client works with a dedicated account manager, which means there's a specific person who knows your account, your industry, and your hiring process. Justifacts' account managers average 10 to 20 years with the company, so when you call with a compliance question, you're talking to someone who has seen a lot of hiring situations before. For small-to-midsize employers without in-house legal teams, that kind of accessible, experienced contact is genuinely useful.

The platform also includes built-in compliance tools designed to support the adverse action process, so the workflow isn't left entirely to the employer to manage manually. For a full picture of how Justifacts maintains compliance standards, see our affiliations and accreditations.

Key Takeaways

  • FCRA compliance covers both the screening company and the employer. Both parties carry independent legal obligations under the law.
  • PBSA accreditation is one of the more concrete signals of a provider's compliance commitment. Only a small fraction of screening companies have earned it.
  • Built-in adverse action workflow support is a practical differentiator worth asking about directly during vendor evaluation.
  • State laws in places like California, New York, and Massachusetts go considerably further than the federal FCRA standard.
  • Ask how long account managers have been with the company. Tenure is a proxy for institutional knowledge you'll actually rely on.

Frequently Asked Questions

What makes a background check company FCRA compliant?

An FCRA compliant background check company follows the procedures required by the Fair Credit Reporting Act: maintaining data accuracy, providing dispute resolution, operating only under permissible purposes, and furnishing required documentation to support employer adverse action processes.

Are all background check companies FCRA compliant?

Legally, any company providing background screening for employment purposes in the U.S. is required to operate under the FCRA. Compliance quality varies considerably though. Accreditation, data sourcing practices, and adverse action support differ significantly between providers, and those differences show up in real hiring situations.

What is PBSA accreditation and does it matter?

PBSA (Professional Background Screening Association) accreditation is a voluntary credential that requires screening companies to meet audited standards around compliance, data quality, and operational procedures. Only a small fraction of background screening companies have earned it, making it one of the more reliable indicators of a provider's compliance infrastructure.

What does an employer need to do to stay FCRA compliant?

The FCRA requires employers to obtain written authorization before running a background check, provide a standalone disclosure form, and send pre-adverse and adverse action notices if a hiring decision is influenced by the report. State laws frequently add requirements on top of those federal obligations, so the specifics vary depending on where you're hiring.

Can an employer be sued for FCRA violations even if their background check company is compliant?

Yes. FCRA obligations apply independently to both the employer and the CRA. If an employer skips the pre-adverse action notice process, that's the employer's liability regardless of what the screening company did.

Final Thoughts

FCRA compliance is the legal baseline for every background check company operating in the employment space. For employers, the goal is finding a partner that makes compliance easier to execute consistently: built-in adverse action support, experienced account management, and a provider who understands the state-level complexity that sits on top of federal requirements.

If you're evaluating screening partners, Justifacts is worth a conversation.

Talk to a Screening Specialist