September 2011 Article

A Pathway to a Private Security Market Infrastructure

Published by: RUSI Newsbrief September 2011

Author: William Dill

With a growing need for the specialist services of Private Military and Security Companies (PMSCs), the nature and dynamism of the industry must be reflected in its operational integrity and a need to fill those gaps left when the nature of security work is removed from the overarching control of international governments and the associated levels of required compliance in terms of international law, and indeed, moral responsibility.

Whether we argue that the private security sector encourages well trained personnel to leave the army or the surplus of trained personnel has helped create a reservoir of talent, the fact remains that the market has created an opportunity for a second career for ex service personnel, using their skills directly without the requirement for radical re-training that would be the inevitable result of a civilian position. In most cases, the private security career is seen as offering better pay, better prospects and operating with ‘business systems’ with which the individual is already familiar. Private security firms offer significant rewards for highly skilled and experienced ex-services personnel.

To this end, work has commenced through consultation and formalised meetings to progress the requirements as directed in the Montreaux Document and the International Code of Conduct, with a view to ensuring compliance and legitimacy within the industry. 

It is important to recognise that an agreed ‘market standard’ can not just be an effective tool in bringing controls and compliance measurement to an industry.  A standard must also be externally facing and when used correctly can identify the vital elements of the market infrastructure which will be required to ensure the management of the standard, the legitimacy of market and the competence of employees. This in turn develops confidence in the company, its stakeholders and over time, the standard itself – through ongoing compliance creating a pathway for acceptance of legislation and, through market pressure, forcing non-compliant companies to accept the requirements, or leave the market.

An example of this ‘market pressure’ can be seen with the Timber Chain of Custody Standard, which although present in a completely different industry, demonstrates how the principle would become self promoting and sustaining. We are not of course suggesting that the legality (or otherwise) of timber purchase and distribution is immediately analogous to the rigours of private security management and regulation, but the development of the standard and market can create some interesting parallels.

The FSC Chain of Custody trademark is seen adorning most timber related products now, from covers of paperbacks, through to plywood in a trade warehouse. The trademark has become clearly linked with legal, sustainable timber and despite some public misinterpretation, remains synonymous with green issues in general. Since its inception in 1992, the Forest Stewardship Council mark has become an internationally recognised standard, indicating compliance with the standard regarding import and legal responsibility with regard to timber and timber products, and reassurance that a recognised and auditable system is followed by the company concerned.

Despite the gap between this industry and the private security sector, there are certain facets of this accepted standard which bear further investigation. The standard in this case was developed, by interested parties, with a view to reducing the trade in illegally logged timber. The FSC website states that the standard has ‘turned into the leading model for environmentally appropriate, socially beneficial and economically viable forest stewardship’.

On analysis however, and in line with the original intent, the standard has become much more. Through enforcement and pressure from environmental pressure groups, it has created an infrastructure that promotes supplier responsibilities and a sea change within the marketplace as a whole. The preponderance of FSC labels in all facets of everyday life, from books to cardboard boxes, is evidence of the impact of the standard and the uptake of its responsibilities and repercussions. Of course, environmental pressure has helped make it a recognisable tradename of sorts. With further legal implications due to impact in 2012, and the expansion of the global market, the need for due diligence in the industry has never been greater.

Hence, those companies who have embraced the standard and used its benefits to create a market advantage have won more lucrative contracts, in a market which is now actively seeking those companies that can effectively comply when they carry out trading or construction activities. In essence, the needs of the customer have been redefined and passed on to the supplier. Key to development to date is the fact that those who sit back and ‘avoid’ the standard are left behind.

The lessons of the FSC Standard teach us that with relevant application of inertia to the market, it can be radically changed, for the better, at the very least in terms of public and media perception. The standard is also externally facing, in that those companies who are certified with it are recorded on a public database, outlining who has reached the level of compliance and been audited and passed.

A PMSC Standard, which remains independent and is current (i.e. is updated in a timely fashion to reflect industry changes), can provide the market infrastructure, compel client and industry integrity and ensure the effective management of operatives, the supply chain and enforcement.

Infrastructure

As alluded to above, a standard does not define the market or improve the industry and the nature of its ‘product’ in isolation. The infrastructure related to the management of the standard is intrinsically important.

These elements would require resources and investment to ensure they are managed independently as well as in support of the private security market.  To operate effectively, this would require four separate aspects of management, each related, but distinct in terms of operation and responsibility.

These can be summarised as:

• An Individual Operative Database
• Company Certification
• An independent Standards Body
• The Governance and Oversight Mechanism

Individual Operative Certification – Training, Competence, Welfare, Support  and Legal Compliance

As stated within the International Code of Conduct, selection and vetting of personnel is intrinsic to the management requirements of signatory companies who must ensure the effective recruitment of qualified personnel.  Research gathered during the creation of the MACE Standard, would indicate that the assessment and selection of key, qualified personnel, would be facilitated via a regulated collective database. 

Key to this endeavour of course is the relative quality of the skilled operative. This, by its nature and the environment concerned, requires close assessment and dedicated resources. It is suggested that an independent, secure database, managed with reference to the GOM but open to inspection through certification body audit, would promote the requirement for professional membership of operatives who have been approved in line with the requirements of the Standard and ICOC. Although security of such information would be paramount, the provision of records related to conviction or inappropriate conduct is the main consideration, with regard to meeting the requirements of the ICOC. Training and matters of qualification would be assessed and managed by the parent company, with the records audited annually.

With relevant access and database security, pertinent information could also be used for selection and vetting of those personnel required by PMSCs for relevant certified contracts. Current membership would promote more transparent industry perceptions and again enhance the market standing of companies and individuals in line with codes of conduct.

Company Certification – Legal Compliance and Risk Management

Although companies would be responsible for ensuring that they meet the requirements of the standard, only independent auditing could ensure that they actually do, providing evidence of quantitative and qualitative approaches to compliance. Once certified, it is vital that companies are assessed on a regular basis, both at their head office and also during field operations, to ensure that compliance can be independently verified.  This is the only manner through which confidence can be guaranteed on behalf of clients, stakeholders and other interested parties.

Critical to any form of monitoring regime, will be the structure and resources provided by an independent Standards Body. This body will be required to ensure the implementation, adoption, maintenance, certification/approval and monitoring of the standard and certified organisations; an effort which will be critical in ensuring success.

It is clear then that the certification body, in whatever guise, must be clearly independent from the PMSCs. In addition however, the nature of the body and its work can not be handled by ‘civilian’ certification companies (at least in their current form) who are more used to handling standards related to services and manufacturing rather than security. A uniquely challenging industry requires a unique approach.

Despite the obvious challenges, there is a legitimate concern within the industry that external auditing against a new standard would be impractical, due to the geographical and physical barriers related to the environment. Concerns have been raised with regard to the practicalities of auditor presence at Forward Operating Bases or in positions close to fighting and the related resources and security issues. These are practical concerns. By the same token however, a standard and body that shies away from practical auditing in the field, where the standard would be most reliably tested, risks loss of confidence in the entire external verification process.

It is therefore practical, relevant and pertinent to teach ex-service personnel how to audit against the standard, as opposed to developing an understanding of the security issues related to the environment with existing auditors with no relevant experience. Independent verification must be thorough while remaining unobtrusive, but only so far as this is practical. The nature of the activity and industry requires special verification and treatment of the environment.

As with issues related to security and privacy, and more so than with other international standards, a PMSC standard will require competent management of qualified and capable auditors and highly effective auditing practice, in order to deliver effective assessment of the companies operating in increasingly complex and unstable environments. External audits, by an independent assessor, remain the single most effective control that will ensure confidence in the standard.

The absence of internal and external auditing in some industries has led to a significant drop in operational controls and quality of service, primarily due to the ever increasing pressure caused by unplanned operational requirements and a lack of leadership. It is a fact of life that a facet of an organisation that remains un-audited and un-checked, either becomes lax or lacks a general improvement ethos.

In order to ensure transparency, stability and sustainability within this new market, Certification Audits need to be resourced and managed with new, dynamic auditing methods in a progressive and constantly changing industry.  This will greatly contribute to the protection of not just the PMSC standard but to the company itself, its employees, clients and stakeholders. 

The Standards Body

The Standards Body, in whatever form it takes, must ensure that it continually improves and also adapts to meet future revisions of the proposed PMSC Standard in line with the International Code of Conduct. It must also remain independent of PMSCs and any related certification bodies. It will of course work closely with the certification body so that pertinent issues and continual improvement strategies raised at audit and via feedback, can be developed.

The standards body will in turn require independent verification which, within the UK, can be achieved through UKAS or BSI, the aim here being that the new PMSC Standard will be developed to an agreed level within the marketplace and then externally validated to achieve ‘de facto’ market standard clarification.

The Governance & Oversight Mechanism

The GOM was initially mentioned within the first draft of the ICOC and defined as being able to enforce decisions within the marketplace.  Again, this organisation will need to be independent of all PMSC companies, although fair representation will be required by PMSCs and interested parties . The GOM, through an international council issue enforcement and improvement notice, could effectively remove an Operative or PMSC from the approved databases.

In effect this organisation would act as the Health and Safety Executive does today, but in a more relevant, practical and market-centric manner. At the same time, it would represent the market management authority with Governments and interested parties.

Review and enforcement will be vital elements moving forward, as effective controls and mechanisms will be essential. The main databases for both Individual and company will be maintained by their relevant market bodies, but with the option for the GOM to issue instruction for individual / company removal as a control measure.  This will enable the market to become self sufficient, ensuring that Individuals or companies who do not comply, are effectively restricted from operating on legitimately certified contracts.