Seed NewsvinePSC Regulation is not that hard…
May 4, 2009 Commentary, Jake's Posts
By Jake Allen
Last week I was ranting about the private security industry’s lack of movement along the self-regulation front. Industry regulation is not a new theme for me and the subject most recently came up due to the UK Foreign Office’s decision not to take action on regulation. Instead David Miliband, the British Secretary of State for Foreign & Commonwealth Affairs is calling on the private security industry to self-regulate by drafting a code of conduct and then encouraging industry participants to sign-on to it.
The problem with this model is that it is precisely what has been tried in the U.S. by the International Peacekeeping Operations Association, IPOA and their member Code of Conduct. The code itself is very comprehensive and IPOA are to be applauded for devoting so much time and energy to develop it. But, the motivation and the mechanics by which a PSC would sign-on and more importantly the authority such an agreement would have are severely lacking teeth and that lack of teeth leads to a lack of credibility.
Codes of conduct are the absolute bare minimum that a PSC should be adhering to. They are a moral floor, they are not the benchmark for industry performance. I encourage all PSCs to sign-up for IPOA membership and commit themselves to this global Code of Conduct but the fact that it is a voluntary effort can never be escaped. The whole point of this debate, in my estimation, is to develop a framework to regulate companies who themselves would likely not volunteer to be regulated.
Actually, self-regulation as such is something I have been calling for for years. But the term self-regulation is a misnomer for my purposes. I don’t any more believe that PSCs can self-regulate than can bankers or stock brokers or pharmaceutical firms or any other commercial segment of the global market. When I talk about self-regulation really what I mean to say is that the industry should show some self-leadership, particularly on the part of the biggest PSCs. These firms should step up and show some leadership and collaborate with government to identify ways in which the industry can be regulated and to take actions themselves and lead the effort in having other entities regulate them in an equitable manner. As it stands now it appears that the biggest players in the market are happy to have confounded governments in London and Washington.
What to do then?
Let me outline specifically how I think our industry should be regulated and the role that legitimate global firms should be taking to lead this effort. Many of these ideas are not uniquely my own but they are what I have been thinking about for a long time after having had a lot of discussions with colleagues as well as others, much smarter than me, who have commented on this subject.
The basic premise of my proposal centers around the creation of a ‘legimate’ market for qualified armed security service providers. By creating a regulated and legitimate market you are simultaneously creating an illegitimate or ‘black market’ for those same services. This then leaves consumers (mostly governments or private firms spending government grants) to decide if they want to purchase from the legitimate market or not. Similarly, it drives PSCs to consider whether or not they want to compete in the legitimate market or not.
Writing the Standard
The UK Foreign Office took a pass on regulating PSCs principally because by their estimation it is too difficult. I am not joking. David Miliband in his open letter for consultation says nearly point blank that regulating PSCs is difficult due to the global nature of the industry and the difficulty any single government would face in enforcing any standards, laws or penalties. Ah yes, the old ‘too hard basket’. When all other logical reasoning fails you can always just throw up your hands and say, “it’s just too hard” let’s talk about something else. Not exactly a shining moment in governmental leadership and certainly not the kind of response to a challenge you’d expect from a global leader.
In point of fact qualifying a PSC would not be that difficult. I propose to have a standard drafted in less than 24 months which would cover the majority of armed security services in the market today. It would take an additional 12 months to initially certify any UK based PSCs or any global PSCs wishing to take payment derived from UK taxpayers, most notably MoD or DFID.
How would I do it? I would form a standards committee made up of UK PSCs such as Aegis Defence, Armor Group, Control Risks Group and others. I would include representatives from other stakeholder communities in government as well as organizations such as Human Rights Watch and/or the ICRC. I would also bring in some standards drafting experts from the British Standards Institute or the United Kingdom Accreditation Society to facilitate the drafting of the standard to ensure that best practices were being applied.
I would then facilitate a series of recurring workshops where the committee members would work with existing standards such as the ISO-9001 Quality Management Standard and other general relevant international standards. I would also use the recently published Montreux Document as well as IPOA’s Code of Conduct and other relevant documents from across the PSC industry.
Look, there is any number of examples of where global industries have solved this problem or made great inroads to standardizing the level of service. The automotive sector which is also global, also deals with life-and-death consequences for poor quality and also has a very diverse and fragmented supply chain network was able to draft the TS-16949 standard. But it was done because the major automotive manufacturers took the lead in collaborating on it.
Certifying Companies
Regardless of how the standard is reached in order to ‘certify’ a PSC as conforming to the standard two separate functions must be employed; assessors and accreditation bodies.
Assessors, also referred to as auditors must be completely independent of the PSCs they are auditing as well as any other PSC in the global market. Through a mixture documentation analysis and on-site physical assessing the auditor will make a determination as to whether or not the PSC is conformant to the requirements contained in the standard. If they are then they are issued a certificate stating as much and placed on a periodic monitoring program and a recertification date in 3 years time. If the PSC is not conformant then a report is issued identifying any major or minor nonconformities and the PSC is given a period of time to take the necessary corrective actions.
Ah but who is checking the checkers you ask? That is the role of the accreditation body or society. The accreditation body issues authority to conduct audits and issue certificates of conformity to the auditing firms.
Leverage Existing Infrastructure
It sounds a little confusing but believe me this is a well beaten path with expertise all over the place which could easily be brought to bear. All of this infrastructure exists already in every country on the planet and could easily be applied to PSCs.
The International Standards Organization (ISO) in Switzerland already authors, issues and in some cases simply adopts external standards through an active committee process. The same could be done in the case of PSCs.
Global auditing firms such as the British Standards Institute (BSI), Det Norsk Veritas (DNV), Securite Generale Surveillance (SGS) in Switzerland and Bureau Veritas in France each have offices in over 80 countries and conduct hundreds of thousand of audits of other types every year. It would not be difficult for organizations such as these to get their hands on a standard and quickly come online with auditing capability.
Lastly every country already has accreditation bodies similar to UKAS the United Kingdom Accreditation Service who issue accreditation rights to the auditing firms for audits conducted on companies in operation in their jurisdiction.
So, again, developing the standard is doable and so is the execution of the audits and the eventual company certifications. We are slowly running out of excuses.
Market Conditions
In order for a system like this to work it requires that the market demand be created by states and state collective organizations such the United Nations, the African Union, the Arab League, etc, etc. This can take a long time to achieve as the decision making process in these organizations can be painfully slow and fraught with political blind-alleys. But just because it is difficult does not mean it should be shelved.
States must enact policy and legislation mandating that armed security services be purchased on the open market in an open bid process from not less than 2 qualified service providers. This is critical to the initial success of the program as it will first create demand for the certification and second add a level of transparency to the procurement process which has thus far been lacking. In the end only those possessing the certification will be rewarded by gaining access to potential revenues precluded from non-certified companies.
Major governments like the U.S. and the UK have made a strategic decision to outsource armed security in many instances. The least they can do it provide a meaningful watchdog function and ensure the their funding is spent with firms who are qualified and regulated.
A grace period
Following the successful pilot program a grace period of say 12 to 24 months should be extended to the entire market. This give PSCs enough time to get their hands on the standard, understand its implications, make any necessary changes to ensure conformity, schedule the audit and either remediate the process or receive the certificate.
Penalties must be in effect at the witching hour for companies who have not managed to conform to the standard. This is another role that governments can play in providing oversight and if necessary the enforcement in the form of financial penalties and if necessary the shutting down of companies who refuse or incapable of conformance.
The argument about the global nature being too difficult to regulate is only superficially correct. There is any number of instances where various industries have worked with governments to build cross-border regulation. And even in instances such as in financial services where both the U.S. and the UK authorities have maintained rightful autonomy there have always been a close working partnership and knowledge of what the other one is doing.
The bottom line
The bottom line here is that regulation is a subject the industry’s leaders should take active leadership in. If for no other reason than leaving it entirely to the politicians will most certainly result in an environment that is fraught with over-reaching restrictions and penalties where the good-guys end up paying the freight for the cowboy’s mistakes even more than they are already doing today.
Self-regulation is not going to fly. We’ve seen that from IPOA’s Code of Conduct. Despite IPOA’s good efforts and the quality of the content in their Code the bottom line is that it lacks wide ranging credibility because it is a voluntary exercise pre-incident and post-incident there are no financially negative consequences for simply taking your name off the signatory list.
The future of our industry is what we make it to be. If we believe that we are adding value and contributing positively to the implementation of governmental foreign policy then we must legitimize our existence by standardizing our services. In doing so we will take large step forward in minimizing the negative occurrences which though rare, reflect poorly on the entire industry.
Drafting a standard for PSCs is not difficult. What apparently is difficult to do is to marshal the political will to do have a crack at it.
Tags: Montreux
May 5th, 2009 at 8:02 am
This is a great post, Jake. Thanks for taking the time to write it.
I particularly liked your point re IPOA and codes of conduct.
This was the subject of one of my past columns, back in January ( Dogs of War: Codes of conduct — trust but verify, Jan. 16, http://www.upi.com/Emerging_Threats/2009/01/16/Dogs-of-War-Codes-of-conduct-trust-but-verify/UPI-94401232117745/print ).
Relevant excerpt follows:
One part of regulation is voluntary. All industries profess to follow self-imposed obligations. These are usually codified as codes of conduct — standards that set forth norms of behavior that most companies in an industry accept should be followed. Since these are voluntary, they are not legally enforceable, unlike the core business standards of a company. Yet the monitoring of the implementation and compliance with such standards can be subject to a binding standard.
The private military industry, like any other, has codes of conduct. They generally aim to obligate private military firms to comply with human-rights principles and international humanitarian law. Many individual private military and security contractors also have their own codes.
Such codes have been pushed particularly hard by their trade associations. The first and probably most comprehensive is that of the International Peace Operations Association, which was founded in 2001 in Washington. To be a member of IPOA, a company has to agree to subscribe to its code of conduct.
IPOA’s code of conduct is now in its 11th version. It has a number of laudable provisions ranging from taking “every practicable measure to minimize loss of life and destruction of property” to ensuring that “all Rules of Engagement should be in compliance with international humanitarian law and human rights law.” IPOA also has a complaint mechanism that is open to anyone who believes that a member company of IPOA has violated the code.
Similarly, the charter of the Private Security Company Association of Iraq in Baghdad says it “will insist upon behaviors consistent with norms and conventions of the international community.” Although considering what happens in the world, that might not be saying much.
And the charter of the British Association of Private Security Companies states that members agree “to follow all rules of international, humanitarian and human rights law that are applicable as well as all relevant international protocols and conventions and further agree to subscribe to and abide by the ethical codes of practice of the association.”
This is all well and good and commendable, but, not unlike the famous fictional 1980s Joe Isuzu television car commercials, it is still essentially a pitch to trust them.
The question is, should we be reassured by codes of conduct? Not completely, according to the Geneva Center for the Democratic Control of Armed Forces. A recent paper, “Codes of Conduct: Tool for Self-Regulation for Private Military and Security Companies,” finds such codes could be quite useful, but more needs to be done. Specifically, “In order to guarantee the universal character of the international standards included in codes of conduct despite their voluntary — and thus selective — acceptance by companies, a suitable implementation and monitoring mechanism should be created in which violations of these standards both inside and outside a company can be addressed, discussed and ultimately also penalized.”
The paper credits groups like IPOA for being “aware of the fact that the recognition of rules will safeguard continued existence of the industry in the longer term and does not limit entrepreneurial action, but directs it.”
Yet the paper also found that when it comes to individual cases that are taken up by the media, private military contractors are uncertain about how to react to criticism of their activities.
More importantly, the paper, which examined the mission statements and Web sites of 235 private military contractors, found that a mere 72 of them — less than a third — profess their compliance with normative and ethical values. Only nine companies — less than 4 percent — expressly advocate the recognition of human rights, and one dozen — or just about 5 percent — acknowledge the necessity of their activities being regulated.
Only 44 companies, or fewer than one in five, are prepared to formulate their adherence to values in a code of conduct or in terms of internally binding principles.
And if one turns from private military contractors — like, say, KBR — to private security contractors, such as Blackwater, then an even smaller proportion — 19 out of 70, or 27 percent — profess their compliance with normative and ethical values.
But only one in 10 was prepared to make these values internally binding through a code of conduct, and only 6.5 percent — seven companies — stated they were in favor of regulation.
That last number, by the way, stands in sharp contrast to the claims usually made by trade associations that the industry has no problem with regulation. IPOA’s Web site, for example, says its goals include “better supervision of private companies operating under the umbrella of U.N. or government-led operations.”
The Geneva paper also found that the substance and effect of individual statements provided by contractors are questionable. The U.S. contractor Omniplex World Service Corp. uses the Ten Commandments as the fundamental principle of its operations. Blackwater Greystone has advertised its membership of Global Compact, yet not only has the company no code of conduct, it also repeatedly has been the object of public criticism, particularly for its activities in Iraq. Indeed, Greystone was removed from the U.N. Global Compact register in February 2008.
CACI may have various codes of conduct and internal rules of conduct; however, they were not able to prevent the company’s employees from torturing inmates of Abu Ghraib or being the cause of such torture.
All in all, only one company, namely the United Kingdom’s VT Group, refers to external audits, which are carried out by the Global Reporting Initiative. If there are any monitoring mechanisms for self-imposed obligations, then they are largely the companies’ own reporting systems or internal communication channels.
It seems that when it comes to private military and security codes of conduct, the words of Ronald Reagan seem appropriate: Trust but verify.
May 5th, 2009 at 3:26 pm
Thanks for that David. Excellent context. I’ve exchanged emails with Doug Brooks recently of IPOA and he assures me that regulation is ‘in the works’ and that the bottleneck lies on the client side and not with the PSCs. I have my doubts. Certainly there was no effort to regulate with the previous administration. The Obama admin with Clinton at State are more likely to call for congressional action but my fear is that it will be lumpy and overreach. Then again you can never count out the contractor lobby force. They don’t get any stronger and I am sure they are pretty adept at reminding the government what a snakepit they have created and that there is not easy solutions so the best thing to do is nothing.
Jake
May 5th, 2009 at 4:43 pm
“Regulation is in the works”?
Is that like the “check is in the mail”?
May 6th, 2009 at 5:21 am
To say IPOA’s code of conduct had no teeth is an understatement. When they attempted to begin an investigation into Blackwater following the Monsieur Square massacre Blackwataer just withdrew it’s membership and as far as I could tell it’s client, the U.S. State Department seemed fine with that.
One thing that I really worry about is that if PSCs become widely excepted and common place then there really is no reason why any one with the big bucks can’t have their own private army. Regulation will be impossible if the universe of clients starts to fragment and expand.
May 6th, 2009 at 5:31 am
Thanks marc. The example you raise is a good one and a sore spot I know for Doug and IPOA. It’s hard to blame IPOA for that one. In the end they are simply a industry association. DoS in particular and ‘government’ in general are in the drivers seat to regulate PSCs. Self regulation will not be respected (and it won’t work). Trade associations do not have the teeth to enforce nor the power to punish financially for poor compliance. So the only group left is governments. Thus my frustration with the UK Foreign Office. However the U.S. government has been equally weak.
Jake
June 21st, 2009 at 3:58 am
I share your frustration regarding an industry managed “code of conduct”; however, don’t loose faith in that concept because the last thing you want to see is government regulation. The accounting profession is a very successful example of self regulation. The key to IPOA’s success, in my opinion, rests with licensure, and having the IPOA get plugged in to that process. There also needs to be legislative action requiring professional licensure. Clients that do not accept these standards - and they can written into service contracts - of performance don’t get the service.
I know that there are people out there that will always be the low bidders, but if they are a U.S. Company engaged in PS - they need professional licensure.
The industry needs to come up with equals to FASB and GAAP.
June 21st, 2009 at 7:39 am
Thanks Sal. I suppose we are talking the same language in terms of regulation. At some level the govt has to be involved either in giving the eventual license some credibility or in enforcing/punishing violators. I’ve referenced GAAP as an example many times in the past. It is an excellent model but it requires a great deal of collaboration among people and firms who at the end of the day are competitors. Thus far in the life of modern PSCs and particularly in the past decade companies have not shown that willingness to work towards the ‘greater good’ of the industry. They are much more focused on making the quick buck at any cost.
Jake