Continuous Verification: The Anti-Moonlighting Framework Indian IT Actually Needs


Most anti-moonlighting programmes in Indian IT operate on a sequence that looks roughly like this. Pre-employment background verification is conducted at hire. The employment contract includes an exclusivity clause. Annual conflict-of-interest declarations are circulated. When something goes wrong — a tip-off, a visible performance issue, a client complaint — an investigation is launched. Action is taken if evidence is found.

The sequence has a defining feature: every step is reactive. Pre-employment verification looks backward. Annual declarations rely on self-reporting from people who are unlikely to self-report. Investigations are triggered by external signals.

For organisations dealing with the moonlighting prevalence rates emerging in Indian IT, this reactive model is no longer adequate. The shift required is from reactive to continuous — from verification at the point of hire to verification throughout the employment relationship.

This blog walks through what continuous verification actually looks like operationally, where it fits in the broader anti-moonlighting architecture, and how to build it without creating the kind of surveillance environment that destroys trust.


The Architecture of Continuous Verification

Continuous verification is not a single tool. It is an architecture combining several components that together provide ongoing visibility into employment authenticity and conflict status.

Periodic employment status re-verification. At regular intervals — typically quarterly or semi-annually — the employee’s current employment status is re-verified through available registry and database channels. In the Indian context, key sources include the Employees’ Provident Fund Organisation (EPFO) database, which records PF contributions from current employers and surfaces dual employment when contributions appear from multiple sources simultaneously. Tax records, where accessible with consent, can show secondary income patterns. UAN (Universal Account Number) tracking is increasingly central — a UAN with active service from two different establishments is direct evidence of dual employment.

Behavioural monitoring of work patterns. AI-driven analysis of work patterns can surface signals that suggest divided attention: idle time during expected work hours combined with high activity at unusual hours, sudden changes in response time consistency, reduced engagement in collaborative activities, and increased reluctance to attend in-person meetings or accept on-site assignments. Individually these signals are noise; aggregated across employees and patterns over time, they produce real information.

System access pattern analysis. Login times, session durations, and access patterns against organisational systems can be analysed for indicators consistent with concurrent employment elsewhere. Fragmented logins to the primary employer’s systems that suggest competing time commitments, particularly when paired with other signals, are a useful detection input.

Public-source intelligence. Tools that monitor public-source data — LinkedIn activity, professional platforms, freelancing sites, public project commits, conference participation — can surface evidence of secondary engagement that the employee has not disclosed. EY’s anti-moonlighting tool specifically uses public-source databases and social media analytics for this purpose.

Annual conflict declarations with consequences. Annual declarations in themselves are weak signals. Annual declarations combined with structured verification of declared and undeclared activity, with clear consequences for misrepresentation, produce a stronger signal. The declaration becomes a basis for action rather than merely a procedural step.

Re-verification triggers at role changes. Promotions, role changes, project reassignments, and changes in access privileges should trigger refreshed verification activity. A moonlighting employee may have escaped pre-employment scrutiny at original hire but become detectable when their role changes and the verification scope expands.

These components work in combination. No single component reliably catches all moonlighting. Together, they create a detection environment that is materially more effective than reactive frameworks.


Integration with the Background Verification Function

Continuous verification is, in operational terms, an extension of the background verification function rather than a separate capability. The same vendor relationships, data sources, and process infrastructure that handle pre-employment verification can be extended to support periodic re-verification — typically at lower per-event cost than the original pre-employment checks.

The practical integration involves several considerations.

Vendor capability. Not all BGV providers offer continuous monitoring services. Those that do typically structure them as periodic checks against employment registries, ongoing public-source monitoring, and alert generation when discrepancies surface. For Indian IT contexts, EPFO/UAN integration is essential — without this, the periodic checks miss the most reliable signal of concurrent employment.

Consent infrastructure. Continuous verification requires consent that extends beyond the point of hire. Employment contracts and onboarding documentation should include explicit consent to ongoing verification activities, with clarity on what specifically will be monitored and how the data will be used. Without proper consent infrastructure, continuous monitoring creates legal exposure under DPDPA and other applicable frameworks.

Alert thresholds. The volume of signals generated by continuous monitoring exceeds what HR can manually review. Alert thresholds — what level of discrepancy triggers escalation — must be set deliberately. Too low, and the system generates noise that overwhelms the response capability. Too high, and material signals slip through. The calibration is iterative and should be tuned over time based on the actual signal-to-noise ratio observed.

Investigation protocols. When alerts surface, the investigation protocol matters. A concerning signal is not, in itself, evidence of moonlighting. Confirmation requires further verification, employee engagement, and evidence-gathering before any adverse action. Protocols that move from alert to action without proper investigation create both legal exposure and trust damage.

Documentation infrastructure. Continuous verification activities, alerts, investigations, and outcomes must be documented in a manner that supports both regulatory defensibility and internal accountability. The documentation infrastructure is, in many cases, the determining factor in whether the programme survives legal scrutiny.
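
The alert-threshold trade-off described above can be made concrete by replaying past alerts against candidate thresholds. This is an added example, not part of the original post or any vendor's product; the score scale, the record format and the function names `sweep` and `lowest_fitting` are assumptions, and the history is constructed.

```python
# Constructed history of past alerts: (aggregate score 0-100, confirmed on investigation).
# The score scale and record format are assumptions.
HISTORY = [(92, True), (88, True), (81, False), (77, True), (70, False),
           (64, False), (61, True), (55, False), (48, False), (40, False),
           (35, False), (30, False)]


def sweep(history, thresholds):
    """For each candidate threshold, report escalation volume and what it costs."""
    confirmed_total = sum(1 for _, confirmed in history if confirmed)
    rows = []
    for t in thresholds:
        escalated = [confirmed for score, confirmed in history if score >= t]
        hits = sum(escalated)
        rows.append({
            "threshold": t,
            "alerts": len(escalated),                 # reviews HR must perform
            "precision": round(hits / len(escalated), 2) if escalated else None,
            "missed": confirmed_total - hits,         # confirmed cases below t
        })
    return rows


def lowest_fitting(rows, review_capacity):
    """Lowest threshold whose alert volume the review team can actually handle."""
    fitting = [r for r in rows if r["alerts"] <= review_capacity]
    return min(fitting, key=lambda r: r["threshold"]) if fitting else None


if __name__ == "__main__":
    table = sweep(HISTORY, [30, 50, 60, 75, 90])
    for row in table:
        print(row)
    print("chosen:", lowest_fitting(table, review_capacity=5))
```

Re-running the sweep each review cycle with fresh investigation outcomes is the iterative tuning the paragraph calls for; the `missed` column shows what a capacity-driven threshold gives up.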


The Segmented Access Layer

A complementary component to continuous verification is segmented access controls — limiting what data and systems an employee can reach to what is genuinely required for their role.

The logic is straightforward. Even with strong detection, some moonlighting will slip through. The exposure when it does is largely determined by what the moonlighting employee had access to. An engineer with full access to source code, customer data, and internal systems creates fundamentally larger exposure when moonlighting at a competitor than an engineer whose access is limited to the specific project they are assigned to.

Segmented access controls reduce the blast radius of moonlighting incidents. They are also good security practice independent of moonlighting concerns. Among the specific controls that matter:

  • Project-segmented access. Engineers assigned to a specific client engagement should have access to that client’s systems and data, not the broader organisation’s data lake.
  • Time-bounded credentials. Access credentials should expire and require renewal, with renewal triggering review of continued need.
  • Activity logging. All access to sensitive systems should be logged in a manner that supports forensic review if a moonlighting investigation surfaces.
  • Separation of competing engagements. Where possible, individuals assigned to engagements for competing clients should be different individuals; where this is not possible, strict access segmentation between the engagements is essential.

These controls do not detect moonlighting. They limit its damage. For organisations whose anti-moonlighting investment can only support partial detection coverage, segmented access controls are an important complement.
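
Three of the controls listed above (project-segmented access, time-bounded credentials, separation of competing engagements) can be checked mechanically against an access inventory; activity logging is not covered here. This is an added example, not part of the original post; the inventory layout, the engineer and client names and the `audit` function are assumptions constructed for illustration.

```python
from datetime import date

# Constructed sample inventory; every name and the field layout are assumptions.
TODAY = date(2026, 6, 1)                    # review date used for expiry checks
ASSIGNMENTS = {                             # engineer -> engagements staffed on
    "asha": {"client-a"},
    "ravi": {"client-a", "client-b"},
    "meera": {"client-c"},
}
COMPETITORS = [{"client-a", "client-b"}]    # clients that compete with each other
GRANTS = [  # (engineer, resource, owning client or "org", credential expiry)
    ("asha", "client-a/repo", "client-a", date(2026, 3, 31)),
    ("asha", "data-lake", "org", date(2026, 9, 30)),
    ("ravi", "client-a/repo", "client-a", date(2026, 12, 31)),
    ("ravi", "client-b/crm", "client-b", date(2026, 12, 31)),
    ("meera", "client-c/repo", "client-c", None),
]


def audit(grants, assignments, competitors, today=TODAY):
    """Return sorted (engineer, subject, finding) tuples for control violations."""
    findings = []
    live = {}  # engineer -> owners of resources reachable with unexpired grants
    for engineer, resource, owner, expiry in grants:
        if expiry is None:
            # Time-bounded credentials: a grant with no expiry never gets reviewed.
            findings.append((engineer, resource, "no-expiry"))
        elif expiry < today:
            # Lapsed but still in the inventory: renewal review did not happen.
            findings.append((engineer, resource, "expired"))
            continue
        if owner not in assignments.get(engineer, set()):
            # Project-segmented access: resource is outside the engagement.
            findings.append((engineer, resource, "outside-assignment"))
        live.setdefault(engineer, set()).add(owner)
    for engineer, owners in live.items():
        for group in competitors:
            overlap = sorted(owners & group)
            if len(overlap) > 1:
                # Separation of competing engagements: one person reaches both.
                findings.append((engineer, ",".join(overlap), "competing-clients"))
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit(GRANTS, ASSIGNMENTS, COMPETITORS):
        print(*finding, sep="\t")
```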


Cultural and Communicative Components

The most sophisticated continuous verification programme will fail if it is implemented in a way that destroys employee trust or creates an adversarial culture. Several cultural components matter.

Transparency about monitoring. Employees who understand that their employer conducts continuous verification, and what specifically that involves, are less likely to feel that the monitoring is arbitrary or covert. They are also less likely to engage in concealed moonlighting in the first place — the deterrent effect of transparent monitoring is meaningful.

Clear policy on permitted secondary activity. A policy that allows certain forms of secondary activity — non-conflicting freelance work, advisory roles outside the competitive space, personal projects with no employer-time impact — with disclosure and approval, is more likely to produce genuine compliance than a blanket prohibition. The policy should explicitly distinguish between what is permitted with disclosure and what is genuinely prohibited (competitive engagement, undisclosed engagement, engagement using employer time or resources).

Fair process for investigations. When alerts surface and investigations are launched, the process should treat the employee fairly: an opportunity to respond, an opportunity to provide context, and fair adjudication. Employees who see colleagues subjected to unfair process draw conclusions about their own exposure and behave accordingly, often by becoming more defensive and concealment-prone, not less.

Coupling with competitive compensation. The structural driver of much moonlighting in Indian IT is wage compression. Continuous verification programmes deployed against a workforce whose compensation is materially below market generate detection success at the cost of high attrition. The programme works best when paired with a compensation structure that doesn’t actively push employees toward secondary income.


The Continuous Verification Maturity Model

For organisations building continuous verification capability from a low base, the journey typically goes through several stages.

Stage 1: Foundation. Pre-employment verification is consistent and high-quality. Employment contracts include strong exclusivity provisions. Annual conflict-of-interest declarations are circulated. Investigation protocols exist for tip-off-driven incidents.

Stage 2: Periodic re-verification. Quarterly or semi-annual re-verification of employment status is implemented for higher-risk roles, with EPFO/UAN integration. Annual declarations are paired with verification of declared activity.

Stage 3: Behavioural monitoring. AI-driven monitoring of work patterns, system access, and behavioural signals is implemented for higher-risk roles. Alert thresholds are calibrated. Investigation protocols are extended to handle alert-driven cases.

Stage 4: Comprehensive coverage. Continuous verification is extended across the workforce, with risk-stratified intensity. Public-source intelligence is integrated. Documentation infrastructure supports regulatory defensibility.

Stage 5: Cultural integration. The programme is integrated with compensation strategy, role design, and culture work. Detection becomes a smaller component of the anti-moonlighting outcome; deterrence and genuine alignment become larger components.

Most Indian IT employers in 2026 are between Stage 1 and Stage 2. The opportunity for those willing to make the investment is substantial — both in compliance outcomes and in the quality of the workforce relationship.


AMS Inform provides background verification and continuous workforce screening services across India and 160+ countries globally. For organisations building continuous verification capability, speak to our team at AMSinform.com.
