Screening without arbitrariness: how a role-based model works

Attention to screening is growing, as recent reporting in the Financieele Dagblad reveals.¹ It describes how organisations are increasingly re-vetting their personnel due to geopolitical tensions and integrity risks. In that context, the question of how to structure screening in a proportionate and role-specific way becomes ever more relevant.

Two roles with entirely different risk profiles often receive the same screening package in practice. Or none at all. That may seem efficient, but it is the opposite. Without role-based classification, organisational arbitrariness takes hold: why is this position subject to in-depth investigation while that one is not? Pre-employment screening only becomes professional when it is proportionate, justifiable, and explicitly linked to the risk of the role.

An appointment is the moment at which an organisation grants someone access — to systems, buildings, data, financial flows, or critical processes. The question that must be asked in advance is therefore not "who is this person?" but "what risks does this role carry?" That distinction sounds subtle. In practice, it determines whether screening yields genuine insight or merely the appearance of control.

Organisations that do this well do not start with the individual but with the function. What access does this role entail? What dependencies does that access create? And which risk categories are therefore relevant?

Proximities analyses risks using four categories that together define the risk profile of a role. Financial risk encompasses fraud, money laundering, theft, and bribery. Conflict of interest risk concerns the leaking of business information, espionage, and undue influence. Reputational risk covers damage to image, negative publicity, and disrupted client or partner relationships. Ethical risk, finally, encompasses abuse of authority, discrimination, and violation of company standards.

Not every role scores equally high across all four categories. A CFO carries a different risk profile than a data specialist, who in turn differs from an employee with physical access to critical locations. The classification per category determines the depth of investigation, the subjects addressed in the interview, and the reporting criteria.

Role-based classification instead of standard packages

One of the greatest pitfalls in pre-employment screening is uniformity: the same package for everyone, or no thorough screening for anyone because the threshold seems too high. Uniformity leads to insufficient depth for high-risk roles and unnecessary burden for roles where the risk is limited. Both are organisationally indefensible.

Role-based classification makes screening justifiable — to candidates, management, and supervisory authorities alike. The Dutch Data Protection Authority furthermore emphasises that screening must be necessary and proportionate in relation to the role.² That is not an administrative requirement, but a substantive principle that compels explicit choices to be made in advance.

A professional screening process consists of three steps that must remain strictly separate. First, facts are verified: are identity, education, and employment history accurate? Then, findings are assessed within the pre-established risk framework: what does a discrepancy mean in the context of this candidate and this role? Only then is a decision made.

That final step belongs exclusively to the employer. Proximities delivers facts, context, and consistency. The organisation decides. That distinction is not only legally correct — it is the only way to be able to account afterwards for a decision that was made consciously and on substantiated grounds.

Proportionality is not a concession, it is a requirement

Screening is only sustainable when it is structured proportionately and justifiably. Data minimisation, clear communication about purpose and approach, restricted access to results, and defined retention periods are the conditions under which screening remains legally defensible and socially acceptable. A role-based approach also makes transparent why one role warrants more investigation than another.

Well-structured pre-employment screening delivers more than the avoidance of intake risks. It creates a documented baseline — an established point of reference an organisation can return to when signals emerge later. What was known at the time? What considerations were made? Are comparable situations now being assessed the same way they were then?

The question is not whether an organisation takes screening seriously. The question is whether the screening model is robust enough to support defensible decision-making — now and in the future.

At Proximities, we help organisations build resilience against genuine security risks. Our goal is to help your organisation identify risks and provide tailored solutions, ensuring those risks do not become an obstacle to business continuity — enabling you to continue operating with confidence.

If you would like more information on how a sound screening policy and process can support your organisation in appointing critical roles, please contact us for a no-obligation conversation.

Sources

¹ Het Financiële Dagblad, “Bedrijven laten hun personeel vaker opnieuw doorlichten”, [datum], https://fd.nl/bedrijfsleven/1587355/bedrijven-laten-hun

² Autoriteit Persoonsgegevens, Richtsnoeren proportionaliteit en noodzakelijkheid bij verwerking van persoonsgegevens.