Police checks, right to work and WWCC: building a compliant screening policy in Australia

Share this article
Contents
Example H2
Example H3
Example H4

Building a compliant screening policy in Australia is a board-level risk issue. For large employers, the problem is rarely whether checks are needed. The harder question is whether checks are applied consistently, lawfully and in proportion to the role.

A good screening policy should do three things clearly. It should identify which roles need which checks, explain when those checks happen, and set out how results are assessed. Without that discipline, screening becomes inconsistent. One team may over-check junior roles while another misses a legal requirement for a regulated position.

Start with role risk, not habit

Enterprise screening should begin with role mapping. Group positions by the risk they carry, then assign checks to each group.

For example, a national retailer may require right to work checks for every employee, police checks for roles handling cash or stock loss investigations, and Working with Children Checks for staff working in environments where minors are present. A healthcare provider may need a different model, with stricter checks for clinical, aged care, disability or child-facing roles.

This matters because Australian privacy law expects employers to collect personal information only where it is reasonably necessary for their functions or activities. Sensitive information generally requires stronger justification and, in many cases, consent. Screening policies that ask every candidate for every possible check create avoidable privacy and discrimination risk.

Right to work checks should be universal

Right to work checks are the baseline. The Department of Home Affairs says a person can legally work in Australia if they are an Australian citizen or hold a valid visa with permission to work. Employers must check they are employing someone who can legally work in Australia. Some visa holders have unrestricted work rights, some have limits, and some cannot work.

For enterprise HR teams, this means right to work should not sit with individual hiring managers. It should be built into onboarding, with evidence captured before employment starts and rechecked when a visa expiry or work condition requires it.

Home Affairs’ VEVO service allows employers and other organisations to check visa details and conditions, including whether a person is living permanently or temporarily in Australia and whether they have unlimited or limited work rights.

Veremark’s right to work checks can support this process by helping verify visa and residency status, obtain consent, check identity and return results in a structured workflow.

Police checks need clear decision rules

Police checks are common, but they are often poorly governed. The policy should define when a police check is required, who reviews the result, what factors are considered, and how the candidate can respond.

The Australian Criminal Intelligence Commission explains that the National Police Checking Service is a partially manual, name-based process involving many stakeholders. Turnaround times are not guaranteed.

That point matters operationally. If a police check is essential for a role, build the expected timing into workforce planning. Do not leave it to the final day before a start date.

It also matters ethically. A criminal history result should not trigger an automatic rejection unless the law requires it. HR and legal teams should assess whether the information is relevant to the inherent requirements of the role. A past offence may be highly relevant for a finance role, a security role or a role involving vulnerable people. It may have little connection to another position.

Veremark’s criminal record checks can sit within a wider screening model, alongside identity checks and other role-based checks.

WWCC is state and territory based

Working with Children Checks need special handling because they are not a single national check. The Department of Education states that people who work or volunteer in child-related work must usually hold a current WWCC, and that WWCCs are required and issued under state and territory laws. The name, requirements and application process differ across jurisdictions.

This is a common failure point for large employers operating across Australia. A policy written for New South Wales may not work in Victoria, Queensland or Western Australia. The policy should therefore include a jurisdiction matrix covering:

  1. Who needs a WWCC in each state or territory
  2. Whether the check must be completed before work starts
  3. How the employer verifies the clearance
  4. How renewal dates are monitored
  5. What happens if a clearance is refused, suspended or expires

The national position is also changing. In May 2026, the Attorney-General’s Department said states and territories had passed or introduced legislation to support a “banned in one, banned in all” approach, so a person banned from holding a WWCC in one jurisdiction is banned in all.

For employers, the lesson is simple. Do not treat WWCC compliance as a one-off onboarding task. It needs ongoing monitoring, renewal tracking and local legal review.

Build one policy, then localise it

Building a compliant screening policy in Australia requires a national framework with local controls. The national framework should set the minimum standard. Local appendices should then deal with state, territory and industry requirements.

A strong policy should cover:

  • Purpose and scope
  • Role risk categories
  • Check types required by role
  • Candidate consent and privacy notices
  • Timing of checks
  • Decision-making authority
  • Adverse result review process
  • Record retention
  • Renewal and rescreening triggers
  • Supplier and contractor coverage
  • Audit reporting

Contractors are often missed. That is a mistake. If contractors, labour hire workers or third-party personnel have access to customers, systems, funds, premises or children, the policy should state who is responsible for screening them and what evidence must be provided.

Treat screening data as controlled information

Screening creates sensitive records. Access should be limited to people who need the information for employment decisions. Results should not be copied into unmanaged folders, emailed between managers or retained longer than necessary.

The Office of the Australian Information Commissioner states that private sector employee records are exempt from the Australian Privacy Principles in certain circumstances when directly related to current or former employment relationships. That exemption does not remove the need for disciplined handling, especially at candidate stage and where information may be used for another purpose.

Large employers should keep screening evidence in a controlled system, with audit trails and defined permissions. Veremark’s background checks platform is designed to help employers manage different checks in one place, which reduces the risk of informal handling across teams.

Make accountability explicit

A compliant policy needs owners. HR may manage the process, but legal, risk, compliance, procurement and business leaders all have roles.

The board should expect regular reporting on completion rates, exceptions, expired checks, adverse findings, supplier compliance and policy breaches. HR leaders should be able to show that screening is consistent across business units and proportionate to the risk of each role.

Building a compliant screening policy in Australia is not about adding more checks. It is about using the right checks for the right roles, keeping evidence under control, and making decisions that can be explained. That is what protects the organisation, the workforce and the people the business serves.

Share this article

Popular Packages

FAQs

What background check do I need?

This depends on the industry and type of role you are recruiting for. To determine whether you need reference checks, identity checks, bankruptcy checks, civil background checks, credit checks for employment or any of the other background checks we offer, chat to our team of dedicated account managers.

Why should employers check the background of potential employees?

Many industries have compliance-related employment check requirements. And even if your industry doesn’t, remember that your staff have access to assets and data that must be protected. When you employ a new staff member you need to be certain that they have the best interests of your business at heart. Carrying out comprehensive background checking helps mitigate risk and ensures a safer hiring decision.

How long do background checks take?

Again, this depends on the type of checks you need. Simple identity checks can be carried out in as little as a few hours but a worldwide criminal background check for instance might take several weeks. A simple pre-employment check package takes around a week. Our account managers are specialists and can provide detailed information into which checks you need and how long they will take.

Can you do a background check online?

All Veremark checks are carried out online and digitally. This eliminates the need to collect, store and manage paper documents and information making the process faster, more efficient and ensures complete safety of candidate data and documents.

What are the benefits of a background check?

In a competitive marketplace, making the right hiring decisions is key to the success of your company. Employment background checks enables you to understand more about your candidates before making crucial decisions which can have either beneficial or catastrophic effects on your business.

What does a background check show?

Background checks not only provide useful insights into a candidate’s work history, skills and education, but they can also offer richer detail into someone’s personality and character traits. This gives you a huge advantage when considering who to hire. Background checking also ensures that candidates are legally allowed to carry out certain roles, failed criminal and credit checks could prevent them from working with vulnerable people or in a financial function.

Transform your hiring process

Request a discovery session with one of our background screening experts today.

Whistleblowing compliance in Australia: a 10-step checklist for aged care providers

The new Aged Care Act 2024 commenced on 1 November 2025, replacing the previous framework and placing the rights, safety and dignity of older people at the centre of aged care regulation.

The strengthened Aged Care Quality Standards place explicit expectations on providers around complaints handling, incident management and governance systems that support timely action, tracking and learning. The new Aged Care Act reinforces this with stronger enforcement powers, personal liability for directors and officers, and clearer obligations around continuous improvement.

This guide explains the new aged care whistleblowing framework and gives you a 10-step checklist to help you become more compliant.

Get your own copy!