04 Beyond the standard package · Part 4 of 5

The incident before the incident: how pre-hire red flags become post-hire crises

In nearly every BGV-related incident that materially damages a company, the data that would have prevented the hire existed pre-hire. It was findable. It was within the operational reach of the screening vendor. It was not in the scope of what they were asked to find. This article walks through two case studies in detail and isolates the structural pattern they share.

Reading time: 12 minutes Series: Beyond the standard package, part 4 of 7 Last updated: May 2026 Reviewed by: OutsourceVerify operations
Key facts
Beyond the standard package

Most BGV-related incidents are described, after the fact, as a vendor failure. A senior hire turned out to have a conduct history. A finance leader turned out to have hidden debt. The screening company "missed it." A new vendor is selected and the cycle resets. This framing is operationally satisfying because it locates the problem outside the hiring organisation. It is also wrong almost every time.

The two case studies that follow are anonymised but real in the operationally important detail. Both companies had screening programmes. Both companies ran the standard package on every senior hire. Both companies experienced material post-hire incidents. In neither case did the screening vendor fail to deliver what they had been asked to deliver. In both cases the data that would have surfaced the risk existed pre-hire, was accessible to the vendor's operational capability, and was not in the scope of work. The incident was the visible event. The structural failure preceded it by months.

Case study 1: The VP Finance and the gambling debt

Anonymised case · financial pressure pattern
A senior finance hire at a large technology company, in a role with vendor payment authority.
Month -2
Hiring decisionCandidate selected after multi-round interview process. CV thorough, prior roles substantial, references positive on first call. Offer extended.
Month -1
Standard package runIdentity verified through government ID. Education credentials confirmed direct with both universities. Employment history verified at all prior employers across 12 years. Criminal record search in countries of residence: clear. Three references contacted, conversations recorded as positive. All checks return green.
Month 0
OnboardingCandidate joins. Onboarding standard. Access granted to financial systems, vendor management platforms, and approval workflows appropriate to the role.
Month 4-5
First peer signalsTwo team members independently report to their managers that the new hire has approached them asking for personal loans. The requests are framed informally and the amounts are mid-five-figure. The peers find the requests unusual but not immediately alarming.
Month 5-6
EscalationFrequency of loan requests increases. A third team member reports a similar approach. Pattern triggers escalation to senior leadership and HR.
Month 6
InvestigationInternal investigation opened. As part of the investigation scope, a credit history search is run. The picture that emerges: multiple delinquent personal loans across several lenders, significant outstanding personal liabilities, and a pattern of large online gambling activity producing cumulative losses the candidate had been managing through informal lending channels.
Month 6-7
Exit and remediationCandidate is exited from the role. Audit of any decisions or vendor approvals made during tenure is initiated. Investigation costs, audit costs, recruitment cost for replacement, and the operational disruption translate to a six-figure direct cost; the indirect cost in management distraction and risk exposure is larger.
Where the programme was blind

The credit history search that surfaced the gambling activity and the delinquencies during the investigation was a check that existed and was available pre-hire. The company's screening contract did not include it for any role, because the standard package did not include credit checks for any role, because the programme had never been redesigned to be role-calibrated. The vendor did exactly what they had been asked to do. The scope did not include the question that would have surfaced the risk.

Case study 2: The senior people-leader and the POSH history

Anonymised case · conduct pattern
A senior people-management hire at a large enterprise, with direct reports across multiple functions.
Month -2
Hiring decisionCandidate identified through executive search. Strong CV, broad enterprise experience, positive first-round references. Offer extended after senior-level approval.
Month -1
Standard package runIdentity, education, employment history all verified. Criminal record search clear. Three references contacted with the standard question set: dates, role, performance, reason for departure, would you rehire. All references give positive but somewhat reserved answers. The reservation is noted by the analyst but not flagged because the standard call template has no follow-up protocol for "qualified positive" answers.
Month 0
OnboardingCandidate joins. Initial integration appears smooth. Team is briefed on the new leader.
Month 2-4
First conduct signalsFemale members of the candidate's extended team begin noting interactions that they describe internally as uncomfortable. Comments are characterised as off-pattern for the organisation's culture. The behaviour is not immediately reported through formal channels.
Month 4-6
EscalationOne team member files a formal complaint. A second team member separately raises concerns. HR opens an internal investigation.
Month 6-7
Investigation deepensAs part of the investigation, the candidate's prior employment history is re-examined with specific behavioural questions directed at named previous employers. Two prior employers, when asked the right structured question, decline to comment on whether formal complaints were filed during the candidate's tenure. The pattern of "prefer not to comment" answers from multiple references is itself the discovery. One prior employer, when pressed specifically on the POSH framework, confirms that a complaint had been filed and the candidate had departed shortly thereafter.
Month 7-8
Exit and remediationCandidate is exited. Settlement and remediation activity follows. Direct cost is mid-six-figures including legal, settlement, recruitment, and internal investigation. Indirect cost in team morale and reputational exposure is larger and harder to quantify.
Where the programme was blind

The structured behavioural references that surfaced the conduct pattern during the investigation were references calibrated to the role's risk profile, executed by analysts who knew how to ask specific framework-anchored questions and how to interpret the resulting answer patterns. Those references were available pre-hire but were not part of the standard package. The original reference checks were standard performance-focused conversations; "would you rehire" got a "yes" from references who would have answered "prefer not to comment" to a specific conduct question. The vendor delivered the package they were contracted to deliver. The package did not include the questions that would have surfaced the risk.

The shared structural pattern

Reading the two timelines side by side, the surface details differ but the structure is identical:

The pattern repeats across BGV incidents that destroy company value. The incident is the visible event. The programme failure happens months earlier, when the scope was specified and the budget was approved and the standard package was treated as the programme.

The diagnostic test for a compliance-only programme

Most operating leaders cannot easily tell whether their organisation's BGV programme is risk-discovery-capable or compliance-only. The vendor relationship is opaque; the metrics reported up are "100 percent of hires screened"; the incident, when it comes, is presented as a surprise. There is a reliable three-question diagnostic that surfaces the programme posture in any conversation with the programme owner:

Three "compliance-only" answers indicates a programme structurally exposed to the incident class described in this article. It does not mean an incident is inevitable. It does mean the programme is running on luck. Eventually, luck runs out.

For PE operating partners: the audit you should commission

Across a portfolio of investments, the three-question diagnostic above can be operationalised as a portfolio-wide audit. Each portfolio company's CHRO is asked the three questions in the next routine review. The answers are coded against a simple traffic light: three green answers means the programme is risk-discovery-capable; one or two compliance-only answers means the programme is exposed; three compliance-only answers means the portfolio company is structurally one incident away from the conversation you don't want.

The result of this audit is usually uncomfortable. Most portfolio companies score one or zero green answers because role calibration, structured behavioural references, and active scope review are not part of the typical BGV vendor relationship. The audit's value is not in scoring; it is in giving the operating partner a structured conversation with each portfolio CHRO about what specifically would have to change to move the answer to green. That conversation is the operationalisation. The dashboard in the next article in this series shows how to track it across the portfolio.

For programme owners and PE operating partners

Run the three-question diagnostic on your programme.

Request a structured briefing that walks your programme owner through the diagnostic, scores the programme posture, and produces a remediation roadmap. Available for individual programmes or portfolio-wide.

Share this