Introduction
Most credentialing programs and organizations do not discover they have gaps in what they thought was a legally defensible credentialing program until someone files a challenge. The legal framework tends to be bundled in with operational work by credentialing practitioners. This leads to significant use of templated legal documents, policies, and procedures that were not designed to work together or for the credential or certification program specifically. When the rubber hits the road and claims arise, the legal gaps become apparent quickly.
I have worked with credentialing organizations from the outside as counsel and from the inside as general counsel, and the distinction between programs that survive legal challenges and programs that do not is almost always about whether the governance structure was built to be defensible versus simply functional. While both can be goals in building a program, they are not the same thing. A program can function effectively for years processing applications, delivering examinations, issuing credentials, while carrying governance vulnerabilities that only become visible when challenged.
This piece is an overview about building the architecture for legal defensibility as well as functionality.
Designing The Legal Frameworks
Three legal frameworks form the environment credentialing bodies operate in, and every board member and senior staff leader needs to understand at least the outline of each.
Due process.
When a credentialing body takes adverse action against a credential holder, such as denying an application, revoking a credential, imposing a sanction, it is exercising significant power over that person’s career and professional identity. Courts and accreditation bodies expect credentialing organizations to exercise that power with procedural fairness: notice of the action and the reasons for it, an opportunity to respond, a decision made by people without a conflict of interest, and a meaningful appeals process.
What most credentialing programs miss is that the due process obligation is not primarily a constitutional one. Most credentialing bodies are private organizations, and constitutional due process applies to government action. The obligation comes from contract law, the candidate agreement and published policies are a contractual commitment to a defined process, and from the common law principle that private organizations exercising quasi-regulatory authority over individuals’ livelihoods must do so with basic procedural fairness. A program that promises a fair process in its published policies and then does not deliver one has a potential breach of contract and/or breach of duty problem that exists independently of any due process analysis.
Antitrust.
A credentialing body is typically an organization of practitioners, or serves an industry composed of practitioners, whose decisions affect who can participate in a professional market. That makes antitrust law directly relevant in ways that most credentialing leaders do not fully appreciate until a complaint is filed. The concern is not that credentialing organizations intend anticompetitive harm. It is that the structure of these organizations creates opportunities for anticompetitive conduct regardless of intent, and that courts evaluate the competitive effects of credentialing decisions, not simply the intentions behind them.
The specific antitrust risks in credentialing governance deserve more attention than they typically receive. For instance, there could be standard-setting committees composed almost entirely of representatives from the largest employers in a field making eligibility decisions that have the practical effect of disadvantaging smaller competitors.
Accreditation standards.
Most credentialing organizations of any significance operate within an accreditation framework such as NCCA, ANAB, or a profession-specific accreditor. These frameworks are generally compliance obligations, and the requirements they impose are the floor, not the ceiling, of defensible governance practice.
Governance Separation
The single most common structural problem in credentialing governance is inadequate separation between the certification function and the rest of the organization. I want to be specific about why this happens, because understanding the cause is the only way to prevent the pattern from recurring.
Credentialing programs that are subsidiaries or programs of larger associations face a structural tension that is the result of two legitimate governance imperatives in conflict. The parent association has members, advocacy positions, financial sustainability pressures, and organizational relationships that are real and legitimate governance concerns. The credentialing program has a mission to assess competency objectively and make certification decisions that are defensible on their merits. When a large employer’s workforce has a low pass rate, both governance imperatives activate simultaneously: the association’s relationship with that employer matters, and the certification decision needs to stand on its own regardless of who is affected by it.
The organizations that manage this tension well have not resolved it. They have built governance structures that make it structurally difficult for the association’s interests to influence the credentialing program’s decisions, so that individual leaders do not have to choose between the two imperatives in the moment.
The ones that manage it poorly have not built those structures, which means every certification decision that affects a significant organizational relationship requires someone, such as a staff member, a program director, a board chair, to resist organizational pressure. That is a governance design that depends on individual courage rather than structural protection, and it fails depending on who the individuals are, how much pressure is being applied, and whether the structural protections are absent.
The governance separation needs to be explicit and documented. The certification committee needs delegated authority to make credentialing decisions within the framework of board-approved policies, without board review or override of individual decisions. The parent board’s role is to provide resources, set strategy, and ensure the program is governed in accordance with its mission. It is not to review individual certification decisions.
Standard-Setting: The Foundation
The standards a credentialing program enforces, including the knowledge, skills, and abilities required for certification, the recertification requirements, the conduct standards, etc., are the legal and substantive foundation of the entire program. How those standards are developed matters as much as what they contain, because the standard-setting process is what a legal challenge will scrutinize.
A defensible standard-setting process is built on a job task analysis (JTA in more common lingo) or other documented validation conducted at regular intervals. The validation is the empirical foundation that connects certification requirements to what practitioners actually do. Without it, the standards can be argued to be arbitrary and a credential holder challenging a denial or a competitor challenging the program’s market effect has a straightforward argument: there is no objective basis for the requirement being enforced.
The committee composition question I described above in the antitrust context reappears here as a standard-setting question. A committee dominated by representatives of the largest employers or training programs in a field is a committee whose standard-setting decisions will be scrutinized for whether they served the field or served the committee’s organizational interests. Defensible composition is not complicated to achieve: it requires diversity of employer size, geographic representation, and practice setting, with documented conflict of interest management and recusal procedures. It requires that composition decisions be made before standards decisions, not adjusted when someone on the committee realizes the composition is producing decisions that are difficult to defend.
The standard-setting process should be documented in a policies and procedures document that is available to credential holders and the public. Opacity about how standards are set is not a legal protection. It is the absence of a defense.
The Examination: Ownership, Validity, and Security
For credentialing programs that use examination as the primary assessment mechanism, the examination is simultaneously the program’s most significant asset and its most significant legal exposure.
Ownership.
Who owns the examination content is a question many credentialing organizations cannot answer with confidence, and the uncertainty usually traces to vendor contracts that were signed without adequate attention to intellectual property provisions. Under federal copyright law, work created by an independent contractor does not automatically belong to the organization that paid for it. A credentialing organization that has spent years developing an item bank without ensuring it owns that content is carrying a legal vulnerability that becomes consequential the moment the vendor relationship ends.
Every item writer agreement and vendor contract should contain both a work-made-for-hire provision and an assignment clause. The work-made-for-hire provision is the first line of ownership protection. The assignment clause is the backstop. Exclusive ownership can also be impacted by subtle licensing and sub-licensing rights which need careful attention. Organizations that have existing agreements without adequate ownership language need a remediation plan by negotiating retroactive assignments from current contractors where possible, replacing items whose ownership cannot be confirmed where it is not.
Validity.
The defensibility of an examination as a basis for credentialing decisions depends on its psychometric validity and the defensibility of the cut score that separates passing from failing candidates. A program whose examination has not been validated, or whose cut score was set through a process that cannot be documented and explained, is vulnerable in every adverse action it takes. The credential holder who challenges a denial can challenge the examination itself if the program cannot demonstrate the examination measures what it claims to measure.
Security.
Examination security breaches create legal obligations that go beyond the operational response. The organization owes duties to candidates who tested under compromised conditions, to credential holders whose credential may be devalued by the breach, and to its accreditation body. The legal and governance response to a security breach needs to be planned before it happens, not improvised when it does. Organizations that attempt to improvise breach responses often create more legal exposure than the breach itself, primarily because the improvised response produced inconsistent communications to different stakeholder groups that were later used as evidence of organizational confusion about its own obligations.
Appeals: Process and Governance
A credentialing body’s appeals process is the most visible test of whether its governance commitments are real or nominal. Everything else about the program’s governance can be assessed only by people who know where to look. The appeals process is where the program’s commitment to procedural fairness is tested in public, through adversarial claims.
The programs that have strong appeals processes are the ones that have processes whose outcomes, whether favorable or unfavorable to the appellant, are hard to challenge on procedural grounds because the process was fair and contemporaneously documented.
The non-negotiable elements: the appeals panel must be composed of people who were not involved in the original decision and who have no conflict of interest with the appellant. This is harder to achieve in practice than it sounds, particularly in smaller professional communities where the qualified reviewer pool is limited. The written decision on appeal must explain what the appellant argued, what the panel considered, and why the outcome was reached.
Antitrust in Practice: The Patterns To Watch
As credentialing and certification programs continue to grow and become more impactful in the marketplace, the risk of antitrust related issues continues to escalate as well. Following a few patterns to watch for:
Eligibility requirements without documented objective justification. A requirement that excludes a class of candidates without a documented, objective basis connected to the competencies the credential measures looks like a market allocation mechanism rather than a quality standard. If the excluded class consists primarily of employees of smaller employers, graduates of competing training programs, or practitioners who obtained their experience through channels that disadvantage certain market participants, the appearance problem compounds the legal one.
Competitor control of standard-setting. When practitioners who serve on standard-setting committees are employees of organizations that compete with one another, the standard-setting process needs documented safeguards against coordination. The antitrust concern is not that competitors are talking, but rather it is that they are talking in a structured process that produces binding standards, which is the kind of coordination that antitrust law scrutinizes.
Mandatory membership as a condition of eligibility. A credentialing program that requires candidates to be members of a parent association as a condition of eligibility is bundling a credential with a membership in a way that raises legal issues.
What Boards Needs to Know
The board of a credentialing organization has significant governance responsibilities. They are specific, and they are different from the governance responsibilities most board members are accustomed to exercising.
The board approves policies, ensures the program has adequate resources, oversees the governance structure, monitors accreditation compliance, and receives aggregate performance data. Importantly, the organization’s board does not review individual credentialing decisions.
While the general principle appears agreeable to most, the pressure board members can feel is real and comes to them in many different forms. A prominent member calls the board chair about a denial. A large employer contacts a director about a recertification failure that affects its workforce. A long-serving volunteer leader receives an adverse action that the board finds awkward given the relationship. In every one of these situations, the board’s answer is the same: the certification committee has independent authority over individual decisions, the appropriate channel is the appeals process, and the board does not review individual outcomes.
The Legal Review Every Credentialing Program Should Complete
A credentialing program that has never had its governance structure, policies, and processes reviewed by legal counsel with specific credentialing experience is operating with unknown legal exposure. The review needs to cover the areas where exposure is most significant: governance separation, standard-setting process documentation, examination ownership, appeals process design, antitrust compliance policies, and accreditation alignment.
The right time to conduct that review is before a legal challenge. The cost of remediation is almost always higher than the cost of the review would have been.
The organizations that run legally defensible credentialing programs are the ones that built their governance structure deliberately, documented their processes contemporaneously, and did not wait for legal claims to find out where the weaknesses were.
If your program has not reviewed its governance separation, its standard-setting documentation, or its appeals process design in the last three years, those are the places to start. Each one is a manageable exercise when no challenge is active. Each one becomes significantly more complicated when one is.
Dan Liutikas is the founder and managing attorney of Org Law, PLLC. He has served as outside general counsel, in-house general counsel, and CEO of global trade associations. Org Law provides governance and legal counsel to nonprofit organizations, associations, and credentialing bodies. Contact Us to discuss your credential or certification program.