What background checks are available in Bangladesh?

Available checks include identity (National ID via Election Commission NID Wing), criminal record (Police Verification Report via Special Branch), education (UGC for tertiary; education board for SSC and HSC), employment, and address. CIB credit reports via Bangladesh Bank are available for financial-sector roles.

How long does background verification take in Bangladesh?

Police Verification Reports typically take 14 to 30 days. NID identity is 2 to 5 days. Education via UGC and education board is 5 to 14 days. Employment verification depends on prior-employer cooperation, ranging 5 to 20 days. Monsoon-season administrative delays and Dhaka-vs-district variance are common.

What's the regulatory environment for background checks in Bangladesh?

The Personal Data Protection Act 2023 was enacted, although its implementation framework is still maturing. Verification operates under the ICT Act 2006, the Right to Information Act, and contract-based consent. BTRC oversees data flows. Cross-border transfer restrictions are tightening.

What are the common verification challenges in Bangladesh?

There is no centralised criminal database; Police Verification Reports rely on local thana records and are slow. Education certificates from less-regulated private universities require direct institutional outreach. Bengali-to-English transliteration causes mismatches against database checks. NID counterfeiting remains a documented fraud vector.

Bangladesh: Workforce Risk Intelligence

01 / Market Reality

Two workforce ecosystems, one verification gap

170M+ population. 4M+ garment workers alongside a fast-growing IT/BPO sector of 300K. No centralised employment trace, fragmented education recognition, and a regulatory landscape that shifted dramatically in 2025.

170M

Population

64 districts, dispersed

4M+

RMG workforce

Largest after China

300K

IT/BPO workforce

Fast-growing, Dhaka-centric

PDPO

Data protection

Gazetted Nov 2025

Bangladesh operates two almost entirely separate verification ecosystems

RMG and IT/BPO require fundamentally different screening approaches

What's happening

The RMG sector employs 4M+ workers with identity-first, volume-based verification needs. The IT/BPO sector (300K) requires credential-heavy, reference-intensive screening that mirrors India and Philippines patterns.

Why it matters

A single BGV programme design cannot serve both ecosystems. RMG needs fast NID checks for thousands per season. IT/BPO needs full-pack verification with education, employment, and criminal checks.

Where it breaks

No EPFO-equivalent exists. Employment verification depends entirely on direct HR confirmation. When the employer is dissolved, relocated, or unresponsive, the verification simply fails. No independent trace to fall back on.

Reality insight

The RMG sector's subcontractor chains make previous employer verification frequently impossible. IT/BPO candidates face a different problem: high-value roles combined with limited verification infrastructure create elevated fraud risk.

Verification ecosystems

RMG vs IT/BPO

No trace

Employment contribution

No EPFO equivalent exists

Multiple

Education authorities

UGC, BAL-ION, BTEB

Districts

Dispersed population

Decision trigger

Does your BGV provider offer separate programme designs for RMG and IT/BPO clients in Bangladesh, or do they apply the same check pack to both?

02 / Hiring Risks

Where verification infrastructure is weakest, fabrication thrives

Employer fabrication, education credential confusion, NID format mismatches, and address discrepancies across documents. The absence of independent verification traces makes detection harder than in any regional peer.

Five structural failure points in Bangladesh screening

Most failures stem from infrastructure gaps, not candidate intent

What's happening

Employer fabrication is the highest-frequency red flag. No independent employment trace exists, so candidates citing dissolved or never-registered employers cannot be verified. Education credential confusion between UGC and BAL-ION recognition creates ambiguity.

Why it matters

Every verification type depends on direct human contact with external parties: HR departments, university registrars, police offices. There is no digital fallback. When the contact fails, the check fails.

Where it breaks

Candidates from provincial institutions with paper-based registrar systems. Employers in the RMG subcontractor chain that no longer operate. NID format transitions between old 13-digit and new Smart NID causing system mismatches.

Reality insight

Employer fabrication rates in Bangladesh are significantly higher than regional peers because the absence of a contribution trace (like India's UAN or Philippines' SSS) removes the primary independent detection mechanism.

red flag frequency

Observed red flag categories in Bangladesh verification programmes

Detection rate per 1,000 candidates verified, 2024-2025. Many patterns reflect institutional gaps rather than intentional fraud.

Employer fabricationdissolved company, no trace

2.0-5.2%

20-52 / 1k

Education credential delayprovincial unresponsive

1.5-4.0%

15-40 / 1k

BAL-ION vs UGC confusionprivate institution status unclear

1.2-3.2%

12-32 / 1k

Address mismatchNID / Passport / Police records

0.7-1.8%

7-18 / 1k

NID format mismatch13-digit vs Smart NID

0.4-1.2%

4-12 / 1k

Source: OutsourceVerify Bangladesh programme data, 2024-2025. Employer fabrication rate is significantly higher than metro-centric peers due to absence of employment contribution trace.

The NID format transition creates systemic verification delays

Two ID formats, limited third-party digital access, no unified eKYC

What's happening

Bangladesh issues two NID formats: the old 13-digit card and the new Smart NID (biometric-linked). Smart NID roll-out is ongoing. Many candidates hold old-format NIDs that remain valid. System mismatches between formats are common.

Why it matters

Unlike India's Aadhaar eKYC, Bangladesh has no centralised digital verification portal. Smart NID verification through the Election Commission portal exists but third-party access is restricted and response times are slow.

Where it breaks

Candidates providing old 13-digit NIDs when institutions require Smart NID references. Biometric matching restricted to Election Commission only. No equivalent of DigiLocker or Aadhaar for candidate-fetched credentials.

Reality insight

The NID infrastructure gap means identity verification in Bangladesh is inherently more document-heavy and manual than equivalent programmes in India or the Philippines. Automated pipelines that work elsewhere do not exist here.

No portal

Centralised digital verification

No Aadhaar eKYC equivalent

Police only

Criminal check path

No online case search exists

Fragmented

Document ecosystem

NID, passport, birth cert all separate

Decision trigger

Does your vendor handle NID format reconciliation (old 13-digit vs Smart NID) as part of their standard process, or does it cause delays and exceptions?

03 / Compliance Landscape

PDPO 2025 is Bangladesh's first comprehensive data protection law. The clock is ticking.

Gazetted November 2025 with an 18-month transition. Full enforcement by mid-2027. The Cyber Security Ordinance 2025 replaced the controversial Cyber Security Act. Both reshape the BGV operating environment.

PDPO 2025: consent, cross-border transfers, and processor obligations

First comprehensive data protection law. Full enforcement by mid-2027.

What's happening

The Personal Data Protection Ordinance (PDPO) was gazetted November 2025, replacing the draft PDPA framework. It establishes explicit consent requirements, controller/processor obligations, and a Data Protection Commission modelled on international best practice.

Why it matters

BGV vendors are data processors under PDPO. Explicit, informed, purpose-limited consent is required before every check. Cross-border data transfers to overseas clients require demonstrated adequate protections. Data processing agreements become mandatory.

Where it breaks

Vendors without documented PDPO compliance: no consent capture, no processor agreements, no cross-border transfer safeguards. Legacy processes built before PDPO requirements. The 18-month transition is not optional preparation time.

Reality insight

Most international clients hiring in Bangladesh already require PDPO-equivalent standards as a contractual condition. Providers should begin operationalising compliant processes now. By mid-2027, non-compliance risks enforcement action.

Nov 2025

Gazetted

Published in official gazette

18 months

Transition period

Full enforcement by mid-2027

First

Comprehensive law

Replaces piecemeal DSA provisions

Cyber Security Ordinance 2025: the regulatory reset

Replaced the Cyber Security Act 2023 after widespread criticism. Gazetted May 21, 2025. Nine controversial sections removed entirely.
All speech offences now bailable. Maximum punishment reduced from 14 years to 2 years for remaining offences.
Narrower scope for data seizure. Government authority to compel data disclosure now requires clearer legal basis.
Impact on BGV: reduced legal risk around data handling, clearer boundaries on government data access requests, and a more stable operating environment for screening providers.

Procurement implication Providers should update Bangladesh compliance documentation to reference the Cyber Security Ordinance 2025 rather than the superseded Act. The shift signals a fundamental change in Bangladesh's approach to digital governance with reduced legal risk for data handling.

Legacy framework: Digital Security Act, 2018

Still technically in force but substantially superseded by PDPO 2025 and Cyber Security Ordinance 2025.
Applied to processing of personal data in digital contexts. No explicit controller/processor framework (unlike PDPO).
Violations can still result in criminal penalties. Enforcement historically inconsistent.

Regulatory transition in progress Bangladesh is in the middle of a significant regulatory transition. BGV providers should begin operationalising PDPO-compliant processes now: explicit consent documentation, processor agreements, cross-border data transfer safeguards, and breach notification protocols. Most international clients already require PDPO-equivalent standards as a contractual condition.

Decision trigger

Does your BGV provider reference PDPO 2025 compliance in their Bangladesh operations? Can they produce consent capture audit trails and cross-border data transfer protocols on demand?

04 / Operational Gaps

Every check type hits a structural ceiling that technology cannot solve

No digital employment trace. No online criminal search. Paper-based registrar systems at provincial universities. Address verification depends on NID or physical field visits. The constraints are institutional, not operational.

Verification process: where it stalls

Candidate consent

PDPO-compliant capture

Identity (NID)

13-digit or Smart NID

Employment

Direct HR only

Stall: no independent trace

Education

Registrar email/letter

Stall: 10-14 day baseline

Criminal

Police Clearance Cert

Gap: no online portal

Address

NID / Police / field visit

Identity: NID is the cornerstone, but access is limited

National ID Card (NID): primary identity document issued by the Election Commission. Two formats coexist: old 13-digit and new Smart NID (biometric-linked).
Passport: issued by Ministry of Home Affairs. Occasionally used for address cross-reference. Verification slow (5-7 days).
Birth Registration Certificate: issued by local government / upazila office. Used for age verification but often unavailable.
No centralised digital portal: unlike Aadhaar eKYC, third-party access to NID verification is restricted and slow.

Employment: direct HR confirmation is the only path

No employment contribution trace: Bangladesh has no EPFO equivalent. Verification depends entirely on direct employer contact via phone, email, or formal letter.
Smaller employers often lack formal HR processes. Contact may require reaching a factory manager or business owner directly.
Government employment routes through government HR systems (slow, 7-10 days typical).
Tax records (NBR): exist but third-party verification access is restricted. Only 10-15% formal-sector coverage. Slow retrieval (10-14 days).

Education: registrar delays are the primary TAT driver

UGC-BD recognises public and some private universities. BAL-ION recognises certain private technical institutions. BTEB oversees vocational education.
No digital transcript depository: no equivalent of India's NAD or DigiLocker exists.
University verification: 5-14 days. BAL-ION institutions: 7-14 days. BTEB vocational: 8-12 days. O/A Level boards: 5-8 days.
Provincial institutions with paper-based registrar systems are the single largest TAT driver.

Academic transcript verification bottleneck Many universities outside Dhaka operate manual registrar systems with limited digital infrastructure. Transcript requests sit in queues. Plan for 10-14 days as baseline for university verification, and 14-21 days for provincial institutions. This is not fraud. It is institutional capacity.

Criminal: police-only, no digital portal

No public online case search exists. All criminal checks route through Police Clearance Certificates requested from district police offices or Dhaka Police headquarters.
PCC shows convictions, registered cases, and arrests. Will not show intelligence records, pending cases without formal charge, or very old historical records.
TAT: 5-10 days metro, 10-14 days provincial. Provincial police offices have inconsistent record quality.

turnaround time by check

Realistic TAT range per check type (days)

Observed ranges across Bangladesh programmes. Gold marker = typical median. Metro vs provincial variation is significant.

IdentityNID + Passport

0d5d10d15d21d

0-2 days

EmploymentHR confirmation (direct)

0d5d10d15d21d

2-6 days

Educationregistrar / transcript

0d5d10d15d21d

5-15 days

CriminalPolice Clearance Certificate

0d5d10d15d21d

3-9 days

AddressNID / Police / field visit

0d5d10d15d21d

2-7 days

Source: OutsourceVerify Bangladesh programme data, metro Dhaka and provincial candidates, 2024-2025.

What companies assume

Sub-7-day full-pack verification is possible

Employment verification has an independent fallback

Criminal records are digitally searchable

Education credentials are quickly confirmable

NID verification works like Aadhaar eKYC

One BGV programme design works for all sectors

What actually happens

9-14 days metro, 12-21 days provincial. Education verification alone takes 5-15 days.

No independent trace exists. When HR contact fails, the check fails. No EPFO, no UAN, no TDS records.

No online portal. All criminal checks route through Police Clearance Certificates, physical or postal requests.

Provincial universities operate paper-based registrar systems. 14-21 days is common.

No centralised digital verification. Third-party access to Smart NID verification is restricted and slow.

RMG needs identity-first volume screening. IT/BPO needs credential-heavy full packs. Different SLAs, different costs.

Decision trigger

When your vendor reports "completed" on an employment check in Bangladesh, does that mean HR confirmation, or simply that no one responded within the SLA window?

05 / Decision Impact

Three scenarios. Three different risk exposures.

Your operating context determines your verification risk. Each scenario below maps to a distinct failure mode in Bangladesh.

RMG Workforce Screening

Hundreds to thousands of workers per season. Identity-first verification. Subcontractor chains make previous employer tracing frequently impossible. Underage worker risk is a primary concern.

Risk: Volume pressure forces identity-only checks, missing fabricated employment histories entirely.

High exposure

IT/BPO Market Entry

First offshore engagement in Bangladesh. No baseline for verification quality. Vendor selected on price and SLA without understanding structural TAT constraints.

Risk: Sub-7-day SLA promises are impossible to deliver with institutional verification. Speed claims mask depth shortcuts.

High exposure

PDPO Compliance Audit

International client requires GDPR-equivalent or SOC 2-equivalent BGV processes. PDPO enforcement approaching mid-2027. Consent trails and cross-border transfer protocols needed.

Risk: Vendor cannot produce consent capture audit trails, processor agreements, or cross-border data transfer safeguards.

Medium-high exposure

Decision trigger

The right question is not "which vendor is cheapest." It is: can the vendor demonstrate separate programme designs for RMG and IT/BPO, and can they prove verification depth under audit?

Executive Intelligence Summary

Bangladesh: 7 conclusions for decision-makers

Two verification ecosystems exist in one country. RMG (4M+ workers) needs identity-first, volume-based screening. IT/BPO (300K) needs credential-heavy full packs. A single programme design cannot serve both.
No independent employment trace exists. Bangladesh has no EPFO, no UAN, no TDS cross-reference. Employment verification depends entirely on direct HR contact. When the employer is dissolved or unresponsive, the check fails with no fallback.
Education verification is the primary TAT driver. Provincial universities operate paper-based registrar systems. 10-14 days is baseline for metro, 14-21 days for provincial. No digital transcript depository exists.
PDPO 2025 is now the governing data protection framework. Gazetted November 2025 with 18-month transition. Explicit consent, processor agreements, and cross-border transfer safeguards are mandatory by mid-2027.
Criminal records are police-only with no digital access. All criminal checks route through Police Clearance Certificates. No online case search portal exists. Provincial police offices have inconsistent record quality.
Sub-7-day full-pack SLAs are structurally impossible. Education alone takes 5-15 days. Criminal checks take 3-9 days. Any vendor promising sub-7-day completion on a full pack is either skipping checks or closing cases without institutional confirmation.
Vendor evaluation must test for Bangladesh-specific operational depth. Ask for NID format reconciliation processes, registrar relationships, police liaison coverage, Bengali-language staff, and separate RMG vs IT/BPO programme designs.

Country benchmark

Bangladesh Verification Benchmark Pack

Market-specific constraints, institutional access data, typical timelines, and source verification pathways. PDF format, designed for internal circulation.

Request benchmark

Delivery in this market

Verification in this jurisdiction is executed by a regional cell with direct institutional access, operating under our central programme office. Cases run in parallel with other active markets. Evidence standards, quality gates, and escalation protocols are identical regardless of geography. Surge capacity is pre-built, not assembled on demand.

If this reflects your operating environment, we can outline a structure based on your hiring volumes and regions.

Validate Your Programme See the Bangladesh programme

About this brief. Reflects the regulatory and operational landscape as of May 2026. PDPO 2025 was gazetted November 2025 with full enforcement expected by mid-2027. Cyber Security Ordinance 2025 gazetted May 21, 2025. TAT ranges and red flag rates are first-party operating data from OutsourceVerify Bangladesh programmes, presented as observed ranges. Sector-specific data (RMG vs IT/BPO) reflects programme experience across both segments.

References

Digital Security Act, 2018: Bangladesh; administered by ICT Division. ictd.gov.bd
Personal Data Protection Act (Draft): Bangladesh, superseded by PDPO 2025. ictd.gov.bd
National Board of Revenue (NBR): income tax authority. nbr.gov.bd
University Grants Commission of Bangladesh (UGC-BD). ugc.gov.bd
BAL-ION (Bangladesh Accreditation Council). balon.org.bd
Board of Technical Education (BTEB). bteb.gov.bd
Bangladesh Police: criminal records and Police Clearance Certificates. police.gov.bd
Bangladesh Bank, Credit Information Bureau (CIB). bb.org.bd
Election Commission of Bangladesh: NID records. ecs.gov.bd
Immigration Bureau, Bangladesh: passports and travel documents. immigration.gov.bd
Personal Data Protection Ordinance (PDPO), 2025: Bangladesh's first comprehensive data protection law. ictd.gov.bd
Cyber Security Ordinance, 2025: replaced the Cyber Security Act 2023. bdlaws.minlaw.gov.bd
Cyber Security Ordinance 2025 analysis: provisions removed, impact on digital rights. thedailystar.net
NID digital infrastructure assessment: Smart NID programme status and limitations. ecs.gov.bd
RMG sector workforce data: BGMEA statistics. bgmea.com.bd
IT/BPO sector growth data: BASIS statistics. basis.org.bd

Bangladesh.Decision Intelligence Report

Two workforce ecosystems, one verification gap

Where verification infrastructure is weakest, fabrication thrives

PDPO 2025 is Bangladesh's first comprehensive data protection law. The clock is ticking.

Cyber Security Ordinance 2025: the regulatory reset

Legacy framework: Digital Security Act, 2018

Every check type hits a structural ceiling that technology cannot solve

Identity: NID is the cornerstone, but access is limited

Employment: direct HR confirmation is the only path

Education: registrar delays are the primary TAT driver

Criminal: police-only, no digital portal

Three scenarios. Three different risk exposures.

RMG Workforce Screening

IT/BPO Market Entry

PDPO Compliance Audit

Bangladesh: 7 conclusions for decision-makers

Delivery in this market

References

Bangladesh.
Decision Intelligence Report