When we get a clear DBS check, do we apportion an unofficial badge of safety?
The Disclosure and Barring Service, or DBS, has been with us since 1 December 2012. It succeeded the Criminal Records Bureau (CRB) check and has become an important part of the screening process. In many roles, it is a legal requirement and the de facto tick in the box.
Nevertheless, it is only a look-back mechanism that checks a candidate against a series of registries. Important, but a narrow view which tells you very little about candidate’s current risk profile, future behaviour, online activity, or hidden associations.
In today’s online AI-driven world, this is a problem…
…most notably because we have inadvertently been conditioned to think the more official the check, the quicker we should award the person an unofficial ‘badge of safety’ and let our guards down.
Is this not a trust paradox?
Let’s get into it.
TL;DR
- DBS checks are important, but they only reveal a very narrow risk spectrum.
- An enhanced DBS check is better than a basic DBS check, but all it does a look at a few more static registries. It does not materially widen the risk spectrum.
- A clear DBS certificate can become a ‘badge of safety’ and create a false sense of security for organisations.
- People with no prior offences can easily seduce you into treating them as a low risk candidate, while still carrying risks that DBS checks just won’t see.
- The message is: DBS is not a one-size-fits-all. Match screening depth to the level of access and trust being granted.
Basic vs Standard vs Enhanced DBS checks
Before we get started, let us look at the anatomy of the DBS check.
It is noteworthy that not all DBS checks are equal.
There are three versions:
- Basic
- Standard
- Enhanced
Basic
…is typically used for roles that are not eligible for higher-level checks. It shows unspent convictions and unspent conditional cautions. It’s essentially the “current” criminal record view, not a safeguarding view.
Standard
…is used for certain roles of trust. It shows spent and unspent convictions, cautions, reprimands and final warnings held on the Police National Computer. In other words: it goes beyond what’s currently unspent, but in essence still a central-records check.
Enhanced
…is used for safeguarding sensitive roles. It includes everything in a Standard check, plus any relevant information held by local police forces that the chief officer reasonably considers relevant to the role.
Enhanced is better than Standard is better than Basic.
All very good, but the model is still largely the same: you’re looking at existing records that prove that someone has been caught.
When you consider that the vast majority of cases that make the headlines and end with someone being put away - for unpleasant reasons like child sexual exploitation, radicalisation, hate speech, or corporate espionage - are first-time offenders, the problem comes into stark focus:
They all would have passed their DBS checks with flying colours.
Yikes!
The Trust Paradox
A ‘paradox’ is a situation that on first inspection seems ridiculously self-contradictory, but on closer inspection reveals a valid line of reasoning.
In the context of personnel vetting and safeguarding, I would say the Trust Paradox has three distinct layers:
First: the contradiction of the “badge of safety”
I try to do as much original thinking - and writing - as I can these days (can’t stand AI slop), but credit where credit is due: AI came up with the idea of ‘badge of safety’ when I was researching the idea of a trust paradox.
A ‘badge of safety’ suggests that the cleaner an individual’s background check appears, the more vulnerable an organisation becomes if it relies on that record alone.
When a candidate passes a DBS check (or PCC in South Africa, FBI clearance in the US, etc.), the organisation effectively grants an unofficial ‘badge of safety’. Once someone is categorised as ‘trusted’, the guard, more often than not, drops: monitoring relaxes, and the person is granted access - to children, sensitive systems, financial assets, or high-trust environments - with less scrutiny than the risk may actually warrant.
Second: weaponising a ‘clean skin’ status
The irony is that the vetting system can actively create the ideal operating environment for a malicious actor.
The most dangerous threats are often ‘clean skins’, a term used by police and some security services for someone who has never been caught. Static databases do exactly what they are designed to do:
Show known history.
The predator, extremist, or corporate spy uses that pristine record as a kind of skeleton key to unlock doors that would be closed to known offenders. The static check ironically ends up validating the adversary’s cover story rather than protecting the organisation.
Third: compliance vs actual security
The trust paradox also highlights a systemic shift where administrative compliance replaces vigilance.
Once a box is ticked and the candidate enters the organisation, it assumes the risk is managed. But because static registry checks - like DBS - exclusively look backwards, they can become blind to real-time intent, dynamic digital grooming, or online radicalisation.
Relying on a lookback mechanism means you are effectively trying to predict future human behaviour by looking in the rear-view mirror.
Once someone has passed a formal check, particularly an enhanced DBS check, the organisation may start treating that person as more trustworthy than the evidence actually supports.
So what to do? What does ‘better visibility’ look like?
DBS checks should stay in the process - after all, it is the law. The error would be asking a DBS check to do work it was never designed to do.
So what should be layered onto DBS?
For some roles, statutory checks may be proportionate. For others, particularly where there is access to vulnerable people, sensitive information, financial systems, or organisational authority, the organisation may need a broader view.
Here’s how you can layer it:
1️⃣ Run the statutory registry checks
If someone has already been caught you want to know about it. Do the DBS check where it is required. Do it consistently. Record it.
2️⃣ Add structured digital due diligence where the role justifies it
Look beyond formal records to relevant, lawful, open-source digital risk signals.
3️⃣ Use human validation
AI-driven screening services can help surface potential risk signals (at scale), but no background search decision should be left to a machine. Get it validated by a human. Why? The famous line from the 1979 IBM training manual explains: “A computer can never be held accountable; therefore, a computer must never make a management decision.”
4️⃣ Document the decision
A defensible process should show what was checked, what was found, how the organisation interpreted it, and what decision was made.
That is why Digital Risk Screening exists…
It is an additional layer of lawful, structured risk visibility for roles where the level of trust justifies a more thorough screening. It does not replace DBS, but it does create a much broader spectrum of potential risk.
If your organisation is reviewing how it screens for high-trust roles, Safehire.ai can help. Our Digital Risk Screening combines AI-scale discovery with human analyst validation, giving decision-makers a clearer and more defensible view of workforce risk alongside traditional checks.


.png)
.png)
.png)


