The first article in this series argued that standard packages miss the incidents that destroy company value because the package was never designed to find role-specific risk. This article moves from problem to structure. It presents the role-risk taxonomy: five role families, the risk class each carries, and the additional checks that close the gap. The taxonomy is the foundation of a calibrated programme. Without it, the standard package is applied uniformly, by default, because no one has done the work to define which roles need more.
One disclaimer up front. Role calibration is not a justification for over-screening every hire. The standard package remains valid and sufficient for the majority of roles in any organisation. Junior individual contributors, operational support roles, and most lateral mid-career hires do not require enhanced scope. The taxonomy below is about identifying which 15 to 25 percent of your hires sit in roles where the standard package is structurally insufficient, and what to add for those specific roles. Calibration is precision, not bloat.
The five role-risk families
Roles with access to capital flows
CFO, VP Finance, Controller, Head of Treasury, Senior Finance Manager, Procurement Director, AP/AR leaders with payment authority.
Financial pressure is the corruption vector. Personal debt, gambling, undisclosed business interests, or unresolved liabilities create vulnerability to coercion or fraud. The role has approval authority over capital flows, vendor relationships, or sensitive financial records, so the surface area for incident is large.
- Personal credit history check (calibrated to jurisdiction)
- Bankruptcy and personal insolvency records
- Directorship and beneficial ownership search (companies the candidate has been an officer of)
- Undisclosed business interests and conflict-of-interest probe
- Civil litigation history (defendant in financial disputes)
- Where jurisdiction permits and risk profile warrants: gambling exposure indicator search
Roles with authority over direct reports
CHRO, Head of People, VP Operations, Head of Engineering, Director-level and above with team management, plant or site managers, regional leadership.
Authority over reports creates a power asymmetry that, in the wrong hands, manifests as harassment, discrimination, retaliation, or hostile workplace patterns. These incidents trigger investigations, settlements, regulatory complaints, and reputational damage. They also frequently follow the candidate across employers because previous companies will not proactively disclose conduct issues but may signal them when asked specifically.
- Structured behavioural references with prior-conduct probes (covered in detail in Article 3 of this series)
- Explicit question on prior workplace complaints, investigations, or terminations under conduct policies
- Jurisdictional probe: in India, an explicit POSH (Prevention of Sexual Harassment) history question; in markets with equivalent frameworks, the local statute
- Adverse media search for the candidate's name in conjunction with terms like "harassment," "discrimination," "complaint," or "settlement"
- Civil litigation history (defendant in employment disputes)
Roles with access to proprietary assets
CTO, VP Engineering, Principal Engineer, Senior Architect, R&D Director, Head of Product (in IP-heavy domains), Chief Scientist.
Senior technical hires from competitors carry the structural risk of inbound trade-secret disputes, NDA violation from the prior employer's perspective, or pattern of IP litigation. The risk is not that the candidate is malicious; it is that the prior employer believes the candidate took proprietary work product to the new role and pursues legal action.
- Civil litigation history (defendant in IP, trade-secret, or NDA disputes)
- Prior NDA enforcement record
- Patent applications and prior assignment record
- Adverse media search for IP-related coverage
- Where the candidate has founded prior companies: company status, dissolution reasons, prior co-founder disputes
Roles representing the brand publicly
CRO, Head of Sales, VP Marketing, Communications Director, key account executives, customer success leaders for marquee accounts.
Customer-facing senior hires represent the company brand in public, with regulators, and with key accounts. Adverse public conduct, regulatory complaints filed against the individual, or social media history at variance with the company's stated values translates directly to reputational exposure for the new employer.
- Comprehensive social media review (public-only, GDPR / DPDP / PDPA compliant)
- Adverse media search across English and local-language press
- Regulatory complaints filed against the individual (where the role is regulated)
- Public statements review where the candidate has a public profile
Roles with fiduciary or regulatory weight
CEO, board members, regulated-industry senior roles (financial services fit-and-proper, healthcare, defence, legal), audit committee members.
Roles at the top of the organisation or in regulated industries combine every risk class above plus regulatory exposure: disqualification from directorship, regulatory disciplinary records, prior fit-and-proper concerns, related-party transaction history, and political exposure where the jurisdiction makes it material.
- All checks from families 01 through 04 above
- Regulatory disciplinary records and disqualification history
- Politically Exposed Person (PEP) and sanctions screening
- Related-party transaction history
- Media history with deeper archival coverage
- Sector-specific fit-and-proper attestation (for financial services in particular)
How to implement calibration without exploding cost
The first instinct on seeing this taxonomy is to apply enhanced screening to every senior hire, which is both expensive and unnecessary. The second instinct is to ignore the taxonomy because cost-per-check optics dominate. Both responses miss the right answer, which is structural.
A calibrated programme operates at three layers:
- Role mapping. Every role in the organisation gets assigned a primary risk family at the moment the role is created or filled. The assignment is a one-time exercise per role; reassignment only happens when scope or seniority changes.
- Default scope per family. Each family has a pre-defined additive scope that runs in addition to the standard package. The role-specific scope is automatic, not negotiated case by case.
- Programme-owner override. The programme owner (typically Head of People or a senior TPRM function) can elevate or de-escalate scope for specific hires where context demands. This is the human-judgment layer that prevents calibration from becoming a rigid algorithm.
The cost arithmetic at programme level is more favourable than the per-check uplift suggests. Suppose an organisation hires 200 people per year, of whom 40 are in calibrated families (a typical 20 percent). The calibrated cohort costs roughly 30 to 60 percent more per check, which translates to a programme-level uplift of about 6 to 12 percent. Against a single material incident, the math is overwhelming. The remaining 160 hires continue under the standard package, which is appropriate for their risk profile.
For PE operating partners: the calibration policy framework
Across a portfolio of investments, role calibration is rarely a standing policy. Portfolio CHROs typically inherit a "standard package across all hires" approach because that is what their vendor contracted for and what the cost-per-check optics support. The operating-partner ask is to establish role calibration as a portfolio-wide policy, not a vendor-by-vendor negotiation.
The minimum viable policy:
- A portfolio-standard role taxonomy that maps positions to risk family. Each portfolio company adopts this taxonomy as part of operating-partner governance.
- A default additive scope per family, negotiated with the BGV vendor at portfolio level rather than per portfolio company.
- Quarterly reporting on calibrated-cohort coverage rate: of all hires this quarter that mapped to a calibrated family, what percentage received the enhanced scope?
- Annual incident review: any post-hire incidents at any portfolio company; was the role in a calibrated family; was the enhanced scope run; if not, what surfaced post-hire that would have surfaced pre-hire with the calibrated scope?
This is the foundation of the portfolio-level workforce risk dashboard discussed in the final article of this series. Without calibration as a standing policy, the dashboard measures only compliance, not risk discovery.
Calibrate the programme to the risk, not the role.
Request a programme briefing to map your existing role taxonomy against the five risk families and design the additive scope for each. Output is a portfolio-ready calibration policy document and indicative cost.