All posts by Rebecca DeWinter-Schmitt

Recent European Actions Advance Mandated Corporate Due Diligence

German translation below. ++++ Die deutsche Version befindet sich unten.

Last week saw a number of developments within the European Union to advance mandated corporate due diligence. The highpoint occurred on Wednesday when the European Parliament voted with an overwhelming majority of 504 (out of 695) in favor of adopting the final report of the Parliament’s Committee on Legal Affairs containing recommendations to the European Commission on mandated corporate human rights and environmental due diligence, corporate accountability, and good governance. Civil society organizations welcomed the strong signal the report sends to the Commission to legislate that companies address human rights and environmental impacts within their own operations and value chains and to provide access to judicial remedy when harms occur. Under the leadership of Rapporteur Lara Wolters, key elements of the report include value chain mapping and transparency, and disclosure of due diligence processes. In terms of enforcement, the report calls for the creation of competent national authorities to undertake investigations and to issue fines and sanctions, as well as calling on Member states to ensure companies can be held liable for harms under civil law.

Civil society organizations would like to see the Commission establish strong due diligence obligations for all businesses and their entire value chains in line with the UN Guiding Principles on Business and Human Rights and OECD Guidelines for Multinational Enterprises, demand meaningful stakeholder consultation, and require civil and criminal liability regimes that can ensure effective access to justice and remedy. While during the Commission’s consultation period on the directive for sustainable corporate governance some business associations expressed concerns about possible competitive disadvantages, Wolters reassured that a directive would create a level playing field and business certainty. The Commission is expected to release its proposed directive in June.

German Draft Due Diligence Law Weak Relative to European Proposal

On Tuesday, former Special Rapporteur for business and human rights John Ruggie sent a letter to the German Economic, Labor, and Development Ministers welcoming the German draft due diligence law, while at the same time stating in no uncertain terms that the proposed legislation must better align with the UN Guiding Principles and OECD Guidelines. Among other things, he recommended that due diligence obligations extend beyond Tier 1 of the value chain, and he stressed the importance of addressing salient risks to rights-holders and not just material risks to companies, the former necessitating effective stakeholder engagement. In addition, Ruggie remarked that the corporate responsibility to address harms depends not on a company’s influence over its suppliers but rather on the nature of its relationship to the harm – in other words, if the company caused, contributed to, or is directly linked to the negative impact – as laid out in the UN Guiding Principles. The Supply Chain Act Initiative, a coalition of NGOs that has vocally advocated for a German human rights and environmental due diligence law, voiced similar critiques of the draft law and the Corporate Accountability Network has described it as a watered-down version of the proposed European directive. The legislation is currently being discussed in Parliament. It remains to be seen if significant changes are possible after the long and contentious negotiations needed to get the Economic Ministry and some business interests on board with the draft law.

Strong Proposed Due Diligence Law Submitted to Dutch Parliament

In comparison, the Netherlands stood out with its draft due diligence legislation on Responsible and Sustainable International Business Conduct submitted by four parties to the Dutch Parliament last Thursday. The NGO coalition, MVO Platform, welcomed the strong bill and hopes it will influence discussions at the EU level. For example, provisions of the draft stipulate that companies with more than 250 employees must undertake due diligence on their value chains in line with the OECD Guidelines, to include assessing environmental impacts. In contrast, the German legislation would apply in the first year to companies with 3,000 or more employees and only requires due diligence analyses of companies’ own operations and their direct suppliers with which they have a contractual relationship. The Dutch law has three layers of enforcement via a public regulator that can issue sanctions, criminal punishment for repeated failure to stop activities that cause or contribute to negative impacts or to provide remedy, and civil liability for harms resulting from a violation of the law. While the German law foresees new administrative oversight and enforcement measures, it does nothing to strengthen civil or criminal accountability for companies, other than giving NGOs and unions enhanced standing to represent those harmed in civil suits. The parliamentary elections this Wednesday may impact the prospects of the legislation’s passage in its current form.

********************************************************************************

Neue europäische Maßnahmen fördern die Sorgfaltspflicht von Unternehmen

In der vergangenen Woche gab es einige Entwicklungen innerhalb der Europäischen Union, die die gesetzliche Sorgfaltspflicht von Unternehmen voranbringen. Der Höhepunkt ereignete sich am Mittwoch, als das Europäische Parlament mit einer überwältigenden Mehrheit von 504 Stimmen (von 695) für die Annahme des Abschlussberichts des Rechtsausschusses des Parlaments stimmte, der Empfehlungen an die Europäische Kommission zur menschenrechtlichen und Umweltsorgfaltspflicht von Unternehmen, zur Rechenschaftspflicht und zur guten Unternehmensführung enthält. NGOs begrüßten das starke Signal, das der Bericht an die Kommission sendet, Unternehmen gesetzlich zu verpflichten, sich mit Menschenrechten und Umweltauswirkungen innerhalb ihrer eigenen Tätigkeiten und Wertschöpfungsketten auseinanderzusetzen und Zugang zu Rechtsmitteln zu gewährleiten, wenn Schäden auftreten. Der Bericht, der unter der Leitung der Berichterstatterin Lara Wolters erstellt wurde, enthält wichtige Eckpunkte zur Abbildung der Wertschöpfungskette sowie zur Transparenz und Offenlegung der Sorgfaltspflichtprozesse. In Bezug auf die Durchsetzung fordert der Bericht die Schaffung zuständiger nationaler Behörden, die Untersuchungen durchführen und Geldstrafen und Sanktionen verhängen können, sowie die Aufforderung an die EU-Mitgliedsstaaten, sicherzustellen, dass Unternehmen für Schäden zivilrechtlich haftbar gemacht werden können.

NGOs fordern die Kommission auf, strenge Sorgfaltspflichten für alle Unternehmen und ihre gesamten Wertschöpfungsketten im Einklang mit den UN-Leitprinzipien für Wirtschaft und Menschenrechte und den OECD-Leitsätzen für multinationale Unternehmen festzulegen, eine sinnvolle Konsultation der Stakeholder zu verlangen und zivil- und strafrechtliche Haftungsregelungen vorzuschreiben, die einen effektiven Zugang zu Justiz und Abhilfe gewährleisten können. In der Konsultationsphase der Kommission zur Richtlinie für nachhaltige Unternehmensführung äußerten einige Wirtschaftsverbände Bedenken über mögliche Wettbewerbsnachteile, jedoch versicherte Wolters, dass eine Richtlinie gleiche Wettbewerbsbedingungen und Sicherheit für Unternehmen schaffen würde. Es wird erwartet, dass die Kommission ihren Richtlinienvorschlag im Juni veröffentlichen wird.

Deutscher Gesetzesentwurf zur Sorgfaltspflicht schwächer als europäischer Vorschlag

Am Dienstag hat der ehemalige Sonderberichterstatter für Wirtschaft und Menschenrechte, John Ruggie, einen Brief an die deutschen Wirtschafts-, Arbeits- und Entwicklungsminister geschickt, in dem er den deutschen Gesetzesentwurf zur Sorgfaltspflicht begrüßt, gleichzeitig aber unmissverständlich darauf hinweist, dass die vorgeschlagene Gesetzgebung besser mit den UN-Leitprinzipien und den OECD-Leitsätzen in Einklang gebracht werden müsste. Unter anderem empfahl er, dass Sorgfaltspflichten über die erste Stufe der Wertschöpfungskette hinausgehen sollten, und er betonte, wie wichtig es sei, die wesentlichen Risiken für Rechteinhaber und nicht nur die wesentlichen Risiken für Unternehmen anzugehen. Dies erfordere ein effektives Stakeholder-Engagement. Darüber hinaus betonte Ruggie, dass die unternehmerische Verantwortung, Schäden zu beheben, nicht vom Einfluss eines Unternehmens auf seine Zulieferer abhängt, sondern vielmehr von der Art seiner Beziehung zu den Schäden – mit anderen Worten, ob das Unternehmen die negativen Auswirkungen verursacht, zu ihnen beigetragen hat oder direkt mit ihnen durch Geschäftsbeziehungen verbunden ist – wie in den UN-Leitprinzipien dargelegt. Die Initiative Lieferkettengesetz, ein Zusammenschluss von NGOs, die sich für ein deutsches Gesetz zur menschen- und umweltrechtlichen Sorgfaltspflicht einsetzt, äußerte ähnliche Kritik an dem Gesetzesentwurf und das CorA Netzwerk bezeichnete ihn als eine verwässerte Version der vorgeschlagenen europäischen Richtlinie. Das Gesetz wird derzeit im Bundestag diskutiert. Nach langen und kontroversen Verhandlungen, die dazu führten, dass das Wirtschaftsministerium und einige Wirtschaftsverbände an Bord kamen, ist unklar, ob signifikante Änderungen möglich sind.

Starker Gesetzesentwurf zur Sorgfaltspflicht im niederländischen Parlament eingebracht

Im Vergleich dazu stachen die Niederlande mit ihrem Gesetzesentwurf zur Sorgfaltspflicht für verantwortungsvolles und nachhaltiges internationales Geschäftsverhalten hervor, der am vergangenen Donnerstag von vier Parteien im niederländischen Parlament eingebracht wurde. Die NGO-Koalition, MVO Platform, begrüßte den starken Entwurf und hofft, dass er die Diskussionen auf EU-Ebene beeinflussen wird. Der Entwurf sieht beispielsweise vor, dass Unternehmen mit mehr als 250 Mitarbeitern eine Sorgfaltsprüfung ihrer Wertschöpfungsketten in Übereinstimmung mit den OECD-Leitsätzen durchführen müssen, wie auch eine Bewertung von Umweltauswirkungen. Im Gegensatz dazu würde die deutsche Gesetzgebung im ersten Jahr für Unternehmen mit 3.000 oder mehr Mitarbeitern gelten und verlangt nur Sorgfaltsanalysen der eigenen Betriebe und der direkten Zulieferer, mit denen man in einem Vertragsverhältnis steht. Das niederländische Gesetz hat drei Ebenen der Durchsetzung: 1. über eine öffentliche Aufsichtsbehörde, die Sanktionen verhängen kann; 2. strafrechtliche Bestrafung für wiederholte Versäumnisse, Aktivitäten, die negative Auswirkungen verursachen oder dazu beitragen, zu stoppen oder Abhilfe zu schaffen; und 3. zivilrechtliche Haftung für Schäden, die aus einer Verletzung des Gesetzes resultieren. Obwohl das deutsche Gesetz neue administrative Aufsichts- und Durchsetzungsmaßnahmen vorsieht, tut es nichts, um die zivilrechtliche oder strafrechtliche Haftung von Unternehmen zu stärken, abgesehen von verstärkten Möglichkeiten für NGOs und Gewerkschaften Geschädigte in Zivilprozessen zu vertreten. Die niederländischen Parlamentswahlen an diesem Mittwoch könnten auf die Verabschiedung des Gesetzes in seiner jetzigen Form eine Auswirkung haben.

Germany Announces Human Rights Due Diligence Law

German translation below. ++++ Die deutsche Version befindet sich unten.

After months long intense discussions, the German government announced on February 12 its intention to pass a due diligence in supply chains law before the upcoming September elections. In a press conference, Labor Minister Hubertus Heil, Development Minister Gerd Müller, and Economic Minister Peter Altmaier described the main provisions of the draft legislation meant to ensure that companies respect human rights throughout their supply chains. The law was expected after a three-year study monitoring German companies revealed that less than 20% meet their human rights due diligence responsibilities. The German National Action Plan (NAP) for Business and Human Rights had established the expectation that by 2020 at least half of German companies with more than 500 employees implement human rights due diligence measures. The coalition agreement between the ruling parties committed the government to pass legislation if that target was not reached.

Details of the legislation may change before it is passed by Parliament, but currently beginning in 2023 it will apply to companies with 3,000 employees, approximately 600 companies, and in 2024 it will cover companies with 1,000 employees or about 2,900 companies. The delayed start, according to Minister Altmaier, will give companies time to first deal with the economic impacts of the pandemic. Due diligence measures, as detailed in the German NAP and the UN Guiding Principles on Business and Human Rights, must be undertaken for companies’ own operations and their direct suppliers with which they have a contractual relationship. Human rights risk analyses of indirect suppliers deeper in the supply chain are only necessary in certain situations, such as when specific complaints are lodged or if there is knowledge of human rights abuses in high-risk circumstances.

The Federal Office for Economic Affairs and Export Control is tasked with enforcement. It can levy fines, potentially up to 10% of annual revenues, if due diligence responsibilities are not met. As Minister Altmaier noted at the press conference, levied fines are not based on the human rights abuse, but rather penalize the failure to undertake due diligence. Furthermore, companies can be excluded from government procurement for up to three years. The legislation does not establish any new civil liabilities for companies. It does, however, give unions and NGOs improved standing to bring claims on behalf of victims before German courts.

The German law would be the second within the European Union, after France’s duty of vigilance law, to mandate broad-based human rights due diligence. However, in its current form it is weaker than the proposal laid out in the legal committee’s report on corporate due diligence and accountability to be discussed in plenary by the European Parliament next month. Civil society, to include the Initiative for a Supply Chain Law, responded to the German draft legislation with mixed reactions, welcoming it as an important step forward while pointing out its shortcomings. Foremost, civil society organizations would like to see more companies covered, to include SMEs in high-risk sectors, expanded civil liability, and mandated due diligence for indirect suppliers, provisions that employer and industry associations actively opposed. Environmental organizations, such as BUND, critique the failure to mandate environmental due diligence, as environmental impacts are only addressed to the extent that they affect human rights protections.

Future blogs will explore discussions within the EU and member states on mandated human rights and environmental due diligence. The expected European legislation will cover business relationships in value chains and thus have repercussions beyond European borders.

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Deutschland kündigt Sorgfaltspflichtengesetz an

Nach monatelangen heftigen Diskussionen kündigte die deutsche Regierung am 12. Februar ihre Absicht an, noch vor den anstehenden Wahlen im September ein Gesetz zur Sorgfaltspflicht in Lieferketten zu verabschieden. In einer Pressekonferenz erläuterten Arbeitsminister Hubertus Heil, Entwicklungsminister Gerd Müller und Wirtschaftsminister Peter Altmaier die wichtigsten Bestimmungen des Gesetzentwurfs, der sichern soll, dass Unternehmen Menschenrechte in ihren Lieferketten einhalten. Das Gesetz wurde erwartet, nachdem eine dreijährige Monitoring-Studie von deutschen Unternehmen ergeben hatte, dass weniger als 20% ihrer menschenrechtlichen Sorgfaltspflicht nachkommen. Der deutsche Nationale Aktionsplan (NAP) für Wirtschaft und Menschenrechte ging davon aus, dass bis 2020 mindestens die Hälfte von deutschen Unternehmen mit mehr als 500 Mitarbeitern Maßnahmen zur menschenrechtlichen Sorgfaltspflicht umsetzen. Die Koalitionsvereinbarung zwischen den Regierungsparteien verpflichtete die Regierung, ein Gesetz zu verabschieden, wenn dieses Ziel nicht erreicht wird.

Die Details des Gesetzes können sich noch ändern, bevor es vom Bundestag verabschiedet wird, aber nach derzeitigem Stand wird es ab 2023 für Unternehmen mit 3.000 Mitarbeitern gelten, ungefähr 600 Unternehmen, und ab 2024 für Unternehmen mit 1.000 Mitarbeitern, etwa 2.900 Unternehmen. Der verzögerte Start, so Minister Altmaier, soll den Unternehmen Zeit geben, sich zunächst mit den wirtschaftlichen Auswirkungen der Pandemie zu befassen. Sorgfaltspflichtmaßnahmen, wie sie im deutschen NAP und in den VN-Leitprinzipien für Wirtschaft und Menschenrechte festgelegt sind, müssen Unternehmen für ihre eigenen Betriebe und ihre unmittelbaren Lieferanten, mit denen sie in einem Vertragsverhältnis stehen, durchführen. Menschenrechtliche Risikoanalysen von mittelbaren Lieferanten auf tieferen Ebenen der Lieferkette sind nur in bestimmten Situationen notwendig, z. B. bei konkreten Beschwerden oder bei Kenntnis von Menschenrechtsverletzungen in Hochrisikosituationen.

Das Bundesamt für Wirtschaft und Ausfuhrkontrolle ist mit der Durchsetzung beauftragt. Es kann Bußgelder erheben, die bis zu 10% des Jahresumsatzes betragen können, wenn Sorgfaltspflichten nicht eingehalten werden. Wie Minister Altmaier auf der Pressekonferenz anmerkte, basieren die erhobenen Bußgelder nicht auf der Verletzung von Menschenrechten, sondern bestrafen die Nichteinhaltung der Sorgfaltspflicht. Darüber hinaus können Unternehmen für bis zu drei Jahre von der öffentlichen Auftragsvergabe ausgeschlossen werden. Das Gesetz schafft keine neue zivilrechtliche Haftung für Unternehmen. Es gibt jedoch Gewerkschaften und Nichtregierungsorganisationen eine erweiterte Prozessstandschaft, um Betroffene vor Gericht vertreten zu können.

Das deutsche Gesetz wäre nach dem französischen Gesetz, Loi de Vigilance, das zweite innerhalb der Europäischen Union, das eine breit angelegte menschenrechtliche Sorgfaltspflicht vorschreibt. In seiner jetzigen Form ist es jedoch schwächer als der Vorschlag im Bericht zur Sorgfaltspflicht und Rechenschaftspflicht von Unternehmen des Rechtsausschusses, der nächsten Monat im Plenum des Europäischen Parlaments diskutiert werden soll. Die Zivilgesellschaft, zu der auch die Initiative Lieferkettengesetz gehört, reagierte auf den deutschen Gesetzesentwurf mit gemischten Reaktionen. Sie begrüßte ihn als wichtigen Schritt nach vorn und wies gleichzeitig auf seine Mängel hin. Vor allem wünschen sich zivilgesellschaftliche Organisationen eine Ausweitung des Geltungsbereichs auf kleine und mittlere Unternehmen in Hochrisikobranchen, stärkere zivilrechtliche Haftung und eine Sorgfaltspflicht für indirekte Zulieferer – Bestimmungen, die von Arbeitgeber- und Industrieverbänden abgelehnt werden. Umweltorganisationen wie der BUND kritisieren das Fehlen einer Umweltsorgfaltspflicht, da Umweltauswirkungen nur in dem Maße berücksichtigt werden, wie sie den Menschenrechtsschutz berühren.

Zukünftige Blogs werden sich mit den Diskussionen innerhalb der EU und Mitgliedsstaaten zur menschenrechtlichen und ökologischen Sorgfaltspflicht beschäftigen. Die zu erwartende europäische Gesetzgebung wird sich auf Geschäftsbeziehungen in Wertschöpfungsketten erstrecken und somit Auswirkungen über europäische Grenzen hinaus haben.

Human Analytics Update

German translation below. ++++ Die deutsche Version befindet sich unten.

The Human Analytics team has returned to the Washington, D.C. area. After three and a half years in Berlin, the team is glad to be back at such a promising pivotal moment. In the coming weeks, we plan to revamp our website and will continue to publish regular contributions to the Human Rights in Complex Environments blog. Moving forward our blog will focus on developments regarding responsible business conduct in the European and specifically German contexts, in addition to our posts related to security, business, and human rights. Stay tuned for our next blog which will discuss the recent announcement that the German government will pass a supply chain law this year mandating human rights due diligence.

While in Berlin the team had a chance to build out their expertise. Rebecca, whose second language is German, had the opportunity to undertake some interesting work as an independent business and human rights consultant. Most recently, she supported the German development agency GIZ in conducting a multi-stakeholder dialogue with the automotive sector as committed to in Germany’s National Action Plan. She served as lead consultant for the working group tasked with developing a sector-wide grievance mechanism for the automotive industry. She also collaborated with the German Institute for Human Rights and the German Global Compact Network to draft the discussion paper, A Principles-Based Approach to the SDGs – Why It Matters for Business. In addition, she had the opportunity to support the Investor Alliance for Human Rights in drafting various tools for investors, including a guidance on human rights risks in the Xinjiang Uyghur Autonomous Region and a salient issue briefing on the impact of ICT companies on the right to political participation. Before the pandemic limited face to face interaction, Rebecca managed a project for the consultancy twentyfifty supporting the German Ministry of Labor and Social Affairs in meeting its NAP commitment to conduct multi-stakeholder events on sector cross-cutting human rights issues, including commodity procurement, grievance mechanisms, and sourcing practices.

James attended the Technische Universität (TU) Berlin’s Urban Management Master Course to gain new integrated approaches in urban planning to better achieve local stability and peacebuilding outcomes in post-conflict urban environments. While at TU-Berlin, he conducted field research in Berlin, Johannesburg, and Sarajevo. His thesis, “Sarajevo Redux: Socio-Spatial Outcomes and the Perpetuation of Fragility in a Post-Conflict City” is featured on the TU Berlin Urban Management website. Focusing at the neighborhood and municipal levels, the thesis examines how urban planners might better contribute to achieving more sustainable outcomes of peace and stability in an urban post-conflict setting.

The Human Analytics team would love to hear what you have been up to during our hiatus. Please feel free to reach out to us with you own updates or if you have need of our assistance. We are most easily reached via email at info@human-analytics.net.

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Das Human Analytics Team ist zurück in der Washington, D.C. Region. Nach dreieinhalb Jahren in Berlin ist das Team froh, an einem so vielversprechenden Wendepunkt zurück zu sein. In den kommenden Wochen planen wir, unsere Website zu überarbeiten und werden wieder regelmäßig Beiträge im Blog “Human Rights in Complex Environments” veröffentlichen. In Zukunft wird sich unser Blog auf Entwicklungen in Bezug auf Unternehmungsverantwortung im europäischen und speziell deutschen Kontext konzentrieren, zusätzlich zu unseren Beiträgen zu Sicherheit, Wirtschaft und Menschenrechten. Unser nächster Blog befasst sich mit der Ankündigung der deutschen Regierung, in diesem Jahr ein Lieferkettengesetz zu verabschieden, das eine menschenrechtliche Sorgfaltspflicht vorschreibt.

Während seines Aufenthalts in Berlin hatte das Team die Gelegenheit, sein Fachwissen auszubauen. Rebecca, deren Zweitsprache Deutsch ist, hatte einige interessante Aufträge als Wirtschafts- und Menschenrechtsberaterin. Zuletzt unterstützte sie die Deutsche Gesellschaft für Internationale Zusammenarbeit, GIZ, bei der Durchführung eines Multi-Stakeholder-Dialogs mit dem Automobilsektor, wie er im deutschen Nationalen Aktionsplan vorgesehen ist. Sie fungierte als leitende Beraterin der Arbeitsgruppe, die einen unternehmensübergreifenden Beschwerdemechanismus für die Automobilindustrie entwickeln sollte. Außerdem arbeitete sie mit dem Deutschen Institut für Menschenrechte und dem Deutschen Global Compact Netzwerk zusammen, um das Diskussionspapier “A Principles-Based Approach to the SDGs – Why It Matters for Business” zu verfassen. Darüber hinaus hatte sie die Gelegenheit, die Investor Alliance for Human Rights bei der Erarbeitung verschiedener Tools für Investoren zu unterstützen, darunter ein Leitfaden zu menschenrechtlichen Risiken in dem Uigurischen Autonomen Gebiet Xinjiang und ein “Salient Issue Briefing” zu den Auswirkungen von IKT-Unternehmen auf das Recht auf politische Partizipation. Bevor die Pandemie Präsenzprojekte unmöglich machte, leitete Rebecca ein Projekt für die Beratungsfirma twentyfifty, die das Bundesministerium für Arbeit und Soziales bei der Erfüllung seiner NAP-Verpflichtung unterstützte, Multi-Stakeholder-Veranstaltungen zu sektorübergreifenden Menschenrechtsthemen durchzuführen, darunter Rohstoffbeschaffung, Beschwerdemechanismen und Einkaufsverträge und -prozesse.

James studierte im Masterstudiengang Urban Management an der Technischen Universität (TU) Berlin, um neue, integrierte Ansätze in der Stadtplanung zu erlernen, um lokale Stabilität und Frieden in städtischen Umgebungen nach Konflikten zu ermöglichen. Während seiner Zeit an der TU-Berlin unternahm er Feldforschungen in Berlin, Johannesburg und Sarajevo. Seine Masterarbeit “Sarajevo Redux: Socio-Spatial Outcomes and the Perpetuation of Fragility in a Post-Conflict City” ist auf der Website der TU Berlin Urban Management Program zu finden. Mit Fokus auf das Viertel und die kommunale Ebene untersuchte die Arbeit, wie Stadtplaner dazu beitragen können, nachhaltig Frieden und Stabilität in einer städtischen Post-Konflikt-Situation zu erreichen.

Das Human Analytics Team würde gerne hören, was Sie während unseres Sabbaticals gemacht haben. Bitte zögern Sie nicht, uns Ihre Updates mitzuteilen oder sich mit uns in Kontakt zu setzen, wenn Sie unsere Hilfe benötigen. Wir sind am einfachsten per E-Mail unter info@human-analytics.net zu erreichen.

The Value-Add of the ICoCA: A ‘Strong Sword’

What is the ‘value-add’ of the ICoCA? That question surfaced occasionally at the margins of the successful annual meeting of the International Code of Conduct Association, the Swiss-based non-profit association that brings together industry, civil society, and governments to promote responsible, rights-respecting provision of private security services. The question of the ‘value-add’ is in reference to what additional benefits accrue to private security companies (PSCs), who are members of the ICoCA and submit themselves to its certification, monitoring, and grievance requirements, over solely gaining certification to the management systems standards for private security operations. To remind readers of this blog, certification to those standards – ANSI/ASIS PSC.1: 2012 and ISO 18788: 2015 – as well as submission of additional human rights-related information is currently the route to gaining ICoCA certification. PSCs hire third-party certification bodies to audit them to the management standards for which they receive a certificate.

To my mind, the ‘value-add’ of the ICoCA seems obvious. The global governance literature, which examines collective efforts (with and beyond states) to address world-wide problems, speaks to the value of multi-stakeholder initiatives. Among other things, multi-stakeholder governance ensures that relevant voices are heard, improves transparency, encourages innovative and effective solutions to problems, and generally increases the perceived legitimacy of an initiative. Yet, skeptics do not seem convinced.

Then I ran across a book chapter that I think makes a clear case for the ‘value-add’ of the ICoCA. The chapter, “The International Organization for Standardization as a Global Governor: A Club Theory Perspective,” by Assem Prakash and Matthew Potoski appears in the volume Who Governs the Globe? edited by Deborah D. Avant, Martha Finnemore, and Susan K. Sell. The ICoCA and the management system standards, ANSI/ASIS PSC.1 and ISO 18788, are examples of “clubs” created to address problems which states alone cannot or will not govern. They promise to deliver to club members and external parties certain positive benefits. For club members, the biggest benefits are better internal management, which can result in cost savings and risk mitigation, and improved reputation, which can attract clients. External parties, whether clients of the member companies or other stakeholders, can be assured that member companies are living up to ‘beyond-compliance’ standards.

That seems fairly obvious. But the problem with clubs is that they can lead to collective action dilemmas. Two in particular stand out: recruitment, i.e. attracting adequate numbers of participants, and shirking, i.e. ensuring that participants meet the club’s requirements. Attracting an adequate number of PSCs, especially small and medium sized ones, has been an ongoing discussion within the ICoCA. The chapter does not offer insights on how to do this, but it does discuss the value of a large membership in terms of realizing the branding benefits that accrue to PSCs who join the club. Clubs gain high levels of participation by “offering affordable standards which firms can profitably adopt.” However, participation should not be traded off against the stringency of standards. Prakash and Potoski warn that for club members to gain reputational and other benefits, external parties need to view clubs as credible in terms of their commitment to high standards accompanied by effective enforcement.

This brings us to the second collective action dilemma, shirking. How does one ensure that the standards members commit to are actually upheld? Simply put, through monitoring and enforcement. However, not all monitoring and enforcement programs, which the chapter dubs “swords,” are created equal. There are “strong swords,” which require third-party audits, public disclosure, and sanctioning mechanisms, “medium swords,” which necessitate third-party audits and public disclosure, and “weak swords,” which only require auditing. Prakash and Potoski, using the environmental standard ISO 14001 as a case study, argue that ISO 14001 is an example of a “weak sword club,” because ISO “is not known to sanction shirkers aggressively, and the absence of public disclosure of audit information weakens stakeholders’ ability to sanction shirking.”

Readers probably see where I am going with this. Like ISO 14001, ANSI/ASIS PSC.1 and ISO 18788 by themselves are “weak sword clubs.” In contrast, the ICoCA requires member PSCs to submit themselves to field-based monitoring, provide self-reporting, and participate in the grievance process. If companies do not do so, they can be sanctioned up to expulsion. The ICoCA also provides public annual reporting. The ICoCA is a “strong sword club.” If PSCs want to accrue all the reputational benefits, and associated commercial benefits, of participating in clubs meant to demonstrate their adherence to the law and human rights norms, then they need to be part of a “strong sword club.” The ICoCA is currently the only available “strong sword club” for the private security industry.

Continued progress in operationalizing responsible private security: ICoCA holds annual meeting

With a new tagline on its promotional materials, “bringing together industry, civil society and governments to promote responsible private security services and respect for human rights,” the International Code of Conduct Association (ICoCA) held its Annual General Assembly in Geneva last week. Human Analytics, an observer to the ICoCA, attended and as we have done in past years (2015; 2016) wanted to share updates from the meeting with readers of our blog.

Jamie Williamson, the new Executive Director of the ICoCA who now heads the nine-person Secretariat, kicked off the meeting with a review of the past year. Membership in the three pillars of the ICoCA is steady or growing. In the government pillar, seven governments continue to participate. As part of its concerted communication, outreach, and development strategy, the ICoCA is having bilateral conversations and working through international forums, like the Montreux Document Forum, to increase state participation. One welcome development was the European Parliament’s passage of a resolution this year recommending that the European Commission issue guidelines to use ICoCA-certified private security companies (PSCs) for EU contracts and urge member states to use participation in the ICoCA as a consideration in their public procurement decisions. The industry pillar currently has 101 members headquartered in 35 countries. Budget numbers, beyond revealing that the Association is on sound financial footing, indicate that the make-up of the industry pillar may be changing. More recently the strongest increases in membership have come from outside the US and UK, and membership dues from small and medium sized PSCs reflect a growing share of the Association’s revenues. The civil society organization (CSO) pillar also has become more geographically diverse. As a result of the ICoCA’s field-based review mission to Nigeria in August, which also supported the Association’s ongoing efforts to establish and maintain civil society “monitoring networks” in various regions of the world, four new African CSOs applied for ICoCA membership.

If one thing became clear from the meeting, the ICoCA is continuing to systematically operationalize its key procedures – certification, monitoring, and complaints – which enable it to exercise oversight of its member PSCs’ implementation of the International Code of Conduct for Private Security Service Providers (ICoC). With the changing composition of its member PSCs, one ongoing concern has been facilitating the access of small and medium sized PSCs to ICoCA-certification, while at the same time maintaining high standards in line with the ICoC’s human rights and humanitarian law requirements. This is a discussion that continues to occupy the Board and Secretariat, but in the interim an important resolution was passed that would allow for a two-year Transitional Membership beginning in April 2018, thereby allowing PSCs more time to work towards attaining certification while actively participating in the monitoring and complaints processes of the Association. PSCs seeking a transitional status must agree to meet certain substantive and procedural benchmarks, yet to be developed, during that period to evidence their concerted efforts to obtain certification. Currently, ICoCA-certification requires that land-based security providers first evidence a third-party certification to security operations management system standards, either ANSI/ASIS PSC.1 or ISO 18788. Seventeen member PSCs have applied for ICoCA-certification and nine have received it. Discussion at the meeting revolved in part around the costs associated with implementing and auditing to the management standards, and whether they may pose a barrier to ICoCA-certification for some PSCs.

Steps taken to develop the monitoring and complaints functions of the ICoCA in the past year are central to its efforts to evolve its oversight capacities. As noted, a field mission to Nigeria, in which six member PSCs participated, was an important step in further developing the Association’s remote monitoring capacities. It allowed engagement of member PSCs in their operating environments, assisted with the development of SOPs for field-based reviews, and helped to refine performance and compliance indicators. This mission focused in particular on practices of subcontracting, training, and selection and vetting of personnel. The latter has also been the focus of a pilot to develop operationally-oriented questions to facilitate PSCs in meeting their Company Self-Assessment reporting requirements. An on-line platform was created to allow companies to submit this information securely. Developing SOPs for receiving and processing complaints was another key effort this past year. Currently, a guidance for PSCs is being finalized, with the support of DCAF (Geneva Centre for the Democratic Control of Armed Forces), to aid companies in establishing fair and accessible grievance procedures. It is expected to be launched at the end of November.

The at times technical and time-consuming work of developing policies, SOPs, guidance, on-line tools and the like indicate that the ICoCA is maturing and moving into a new phase as a multi-stakeholder initiative. In looking to the year ahead, the ICoCA must ensure that what may be the beginning of a trend becomes institutionalized, namely growing its membership in a way that reflects the global nature of the industry and its impacted populations. To do this effectively the Association will need to continue its concerted strategic outreach program and must recognize the dynamic nature of the industry and ensure that all the relevant stakeholders are brought to the table to include key private sector clients of the industry. Perhaps most essentially, as some member PSCs now have a few years of experience under their belts in implementing the Code, this is an opportune time to share best practices and identify where challenges in meeting human rights requirements remain and opportunities for collaboration, to include with observers and other stakeholders, exist to develop human-rights-based implementation tools.

Panel: The Role of Trade Associations in Promoting Human Rights, Sustainability and CSR

Readers of this blog in the Washington, D.C. area may be interested in attending an upcoming panel discussing the role that U.S. trade associations can play in promoting human rights, sustainability, and CSR. Representatives from four different industries will share case studies of various initiatives they have undertaken and lessons learned. The US Council for International Business will be moderating the panel. The panel will be held at the offices of DLA Piper on Wednesday, Jun 21 from 12:00-2:00pm. It is free and open to the public and a light lunch will be served. Registration is requested, please RSVP to Sosseh Prom at the IBA (Sosseh.Prom@int-bar.org).

U.S. Government Releases First National Action Plan on Responsible Business Conduct

On Friday, the U.S. government released its first National Action Plan (NAP) on Responsible Business Conduct. The NAP is the culmination of a two year process launched by President Obama in 2014 to create a plan consistent with the U.S. commitment to the UN Guiding Principles on Business and Human Rights and the OECD Guidelines for Multinational Enterprises. Over that time period, four stakeholder consultations were conducted across the country and numerous written submissions received. The U.S. now joins the ranks of eleven other countries that have completed NAPs on business and human rights, with the UK being the first to publish one in 2013.

With the National Security Council at the helm, the NAP was developed through the interagency process. The NAP provides a very positive perspective of U.S. companies’ leadership role around the world in following the rule of law, upholding human rights, and strengthening the communities in which they operate. It builds on the idea that “businesses can perform well while doing good and that governments should facilitate the conditions for RBC [responsible business conduct] to take place.”

The NAP contains a comprehensive (although not exhaustive) list of various ongoing and new initiatives that reflect the U.S. government’s commitment to fostering responsible business conduct, with the preponderance of the list focused to ongoing efforts. The initiatives are broken down into five categories that evidence or establish efforts to lead by example, collaborate in multi-stakeholder initiatives, facilitate responsible conduct, recognize positive performance, and provide access to remedy. A number of new action items stand out, although details are sparse. For example, readers of this blog that operate in complex environments may be interested in learning that there will be enhanced enforcement of U.S. laws related to forced labor, new research and tools on preventing trafficking in supply chains, a number of efforts related to responsible land use and reducing land conflict, greater stakeholder engagement in the extractives industry in East Africa, as well as efforts to promote corporate reporting and to consult with stakeholders on improving access to remedy, among other things.

Readers of the NAP should not expect to find: a critical assessment of the effectiveness of existing U.S. laws and regulations, multi-stakeholder initiatives, and various other efforts to promote responsible business conduct; a stock-taking of the greatest human rights challenges faced by U.S. companies in various sectors operating domestically and abroad; an appraisal of the success with which those challenges are identified and addressed and victims of abuses provided access to redress; or benchmarks against which to measure implementation, progress, and accountability to the ongoing and new initiatives identified. Despite recommendations by the International Corporate Accountability Roundtable (ICAR) and other civil society organizations and academics, the NAP process did not begin with a comprehensive National Baseline Assessment. (See here for a “shadow” National Baseline Assessment.)

That being said, the NAP does set the stage for continued advancement of responsible conduct by U.S. companies as they operate here and around the world. It enables businesses and civil society to hold the U.S. government to its commitments and provides some interesting new avenues for collaboration. Although a detailed road map is not laid out, stakeholders are encouraged to continue to provide feedback and suggestions to the Department of State via a dedicated NAP email. Ongoing engagement will be important as a new administration enters office, which as of now has not made commitments to protecting human rights from infringement by economic actors and has promised to engage in extensive deregulation.

Analyses and reactions from various stakeholders to the NAP will be appearing in the coming days and weeks, and can be found on ICAR’s dedicated U.S. NAP webpage. For those readers located in the Washington, D.C. area who are interested in hearing U.S. government and other stakeholders’ perspectives on the NAP and its development process, an event – The U.S. National Action Plan on Responsible Business Conduct: Reflections on the Way Here and the Road Ahead – will be held at the American University Washington College of Law on January 12 from 9am-12pm. The event is free and open to the public, although registration is required.

Tools for Effective and Responsible Contracting of Private Security Services

Private security companies provide services to a range of clients operating in complex and high risk environments. Increasingly state actors, to include international organizations, as well as private actors, such as companies and humanitarian assistance and human rights organizations, utilize private security providers to manage risks to their people, projects, and assets. However, if the wrong private security provider is hired, this could pose its own risks. Fortunately for clients of the private security industry, a number of tools are being developed under the leadership of the Center for the Democratic Control of Armed Forces’ Public Private Partnership Division (DCAF) that can assist with procuring private security providers that not only effectively provide quality services, but also respect human rights throughout their operations.

As noted in a previous blog post, this past July DCAF released a study detailing good practices related to States’ and international organizations’ procurement and contracting of private security services entitled Putting Private Security Regulation Into Practice: Sharing Good Practices on Procurement and Contracting 2015-2016. The study breaks down the five stages of the procurement process and provides examples of best practices for each based on the experience of a number of the Montreux Document supporting states and international organizations. The Montreux Document is the first international declaration to detail international human rights and humanitarian law obligations and good practices for states contracting security services during armed conflict and beyond. (The declaration also addresses home and territorial states as well.) DCAF serves as the Secretariat of the Montreux Document Forum and supports efforts to foster implementation of Montreux Document commitments.

Now DCAF is broadening its efforts and developing contracting guidance for private sector clients of the security industry. Earlier this month DCAF, together with the International Committee of the Red Cross, SociosPeru, and Peace Nexus, released Recommendations for Hiring Private Security Providers. Based on a pilot project with extractive companies and other stakeholders in Peru to support implementation of the Voluntary Principles on Security and Human Rights, the Recommendations detail how a company can carry out due diligence in its engagement with a private security provider from the solicitation, notice, and bidding process through to monitoring, enforcement, and accountability of the provider. The Recommendations offer detailed bullet points on the types of information Requests for Proposal should solicit in bid submissions, such as information about employees, training, equipment, and performance track records. The Recommendations also include suggested criteria for excluding or granting an award, contract provisions, and key performance indicators that can be used to monitor security providers, although these could have been more productively captured as positive goals rather than a list of violations for security providers to avoid. Interestingly, although the Recommendations state that companies should undertake a thorough risk assessment and develop a security plan prior to the bidding process, a similar recommendation is not made to private security providers suggesting that they undertake a human rights impact assessment and develop plans to manage and prevent risks. That being said, one can infer that would occur should a company limit itself to contracting with private security providers certified to security operations management system standards (ANSI/ASIS PSC.1 or ISO 18788) or by the International Code of Conduct Association, all of which require human rights risk assessment.

A second DCAF initiative currently under development is a Contract Guidance Tool which aims to support humanitarian non-governmental organizations, as well as states, international organizations, and other clients with incorporating human rights requirements into their contracts with private security providers. A recent blog post on the European Interagency Security Forum’s website announced the launch of a consultative process to solicit input from clients about their current contracting practices. Humanitarian organizations in particular are requested to fill out a questionnaire on their general contracting frameworks, contract award processes, contractual terms, and contract monitoring and accountability in order to facilitate the creation of the Contract Guidance Tool. This will be an important effort to support since, as of yet, no detailed contracting recommendations for humanitarian organizations exist. Furthermore, it is in the vested interest of the humanitarian community, which increasingly relies on security providers, to ensure that those providers align with their humanitarian missions and respect human rights in their security operations.

ICoCA Takes Important Steps to Fulfill its Mission

icoca-agaLast Thursday the International Code of Conduct Association (ICoCA) made significant advances toward fulfilling its purpose to promote the responsible provision of security services and ensure respect for human rights and international and national laws. At the ICoCA’s Annual General Assembly in Geneva, Switzerland, members of the multi-stakeholder organization voted to pass provisions that will allow private security companies (PSCs) to receive certification evidencing their adherence to the International Code of Conduct for Private Security Service Providers, as well as passing two procedures related to reporting, monitoring, and performance assessment and complaints. Thus the ICoCA has put into place all the key procedures foreseen in the Articles of Association that underpinned the founding of the organization. In addition, member due increases agreed upon by participating PSCs, governments, and civil society organizations will provide funding for additional staff to undertake these new oversight functions.

According to a statement on ICoCA certification issued by the Board, after completing a pilot for certification using ANSI/ASIS PSC.1 and updating its guidance to PSCs for submitting additional human rights related information, the Secretariat is ready to begin certifying member PSCs. An amendment to the Articles of Association was passed extending the deadline for achieving certification to September 30, 2018. Concerns about the accessibility of certification to ANSI/ASIS PSC.1, a quality assurance and risk management standard that is a prerequisite of ICoCA certification, remain. The Secretariat plans to survey member PSCs to better assess whether there are barriers to ANSI/ASIS PSC.1 certification and will pilot ways of improving access to certification. More interestingly, the ICoCA is proposing a role for itself in improving oversight of certification bodies accredited to certify PSCs to ANSI/ASIS PSC.1 through activities such as the provision of guidance on assessor competencies, interpretation of the Code, and training. This could go a long way in allaying concerns about the transparency of auditing by for-profit certification bodies paid for by PSCs. However, the success of this new oversight capacity will hinge on effective engagement with certification bodies. Fortunately, a number of them participate as observers to the ICoCA.

The ICoCA Article 12 procedure on reporting, monitoring, and assessing performance and compliance was successfully passed by members. To enable these oversight requirements, the Board will develop indicators on all elements of the Code, beginning with the provisions on the use of force, apprehending persons, prohibition of torture or other cruel, inhuman, and degrading treatment or punishment, and training of personnel. Participants at the meeting stressed the importance of prioritizing the development of indicators in areas where PSCs experienced human rights related challenges, such as workplace rights issues. In preparation for field-based reviews – which can be undertaken if the review of available information or a human rights risk assessment has identified a need for further monitoring, if there is a request from an ICoCA member, or if exigent circumstances warrant it – the Secretariat conducted a pilot field-based review in East Africa with the participation and support of three member companies. The pilot focused to screening and vetting and training of personnel. In addition, the ICoCA plans to conduct outreach to external stakeholders to create a network of contacts and sources of information in key areas of member companies’ operations.

The ICoCA Article 13 procedure on receiving and processing complaints was also affirmed by members. The creation of effective complaints and grievance mechanisms has posed a challenge for a number of multi-stakeholder initiatives, and the ICoCA has set itself apart from the rest with this new procedure. The Secretariat will now be in a position to offer member PSCs advice on how to improve their grievance mechanisms to meet the provisions of the Code. Should the Board determine that a complaint cannot be appropriately addressed by a company-level grievance mechanism or that the mechanism of a member PSC does not meet the requirements of the Code, the Secretariat can use its good offices to recommend external mediators or provide information regarding alternative grievance mechanisms that may provide effective remedy for complainants.  Should a complaint potentially rise to the level of a criminal activity, the ICoCA may report that violation to one or more competent authorities for possible investigation and prosecution of the crime.

Overall, the ICoCA is in a state of good organizational health, with strong finances, significant staffing, and active participation of PSCs, governments, and civil society organizations. The ICoCA currently has 98 member PSCs, with additional new applicants being processed in a timely fashion. Significantly, the geographical diversity of those applicants is increasing, although the greatest number of member PSCs remain U.S. and UK companies. This diversity may continue to grow in light of planned outreach and efforts to identify and address any barriers to certification. However, it remains to be seen what impact the agreed upon dues increases will have on membership numbers. Undoubtedly, with only six governments currently involved, greater participation of States, as both regulator and clients of the industry, would be preferable. To that end, the Secretariat continues to engage with the States participating in the Montreux Document Forum. The 17 civil society participants are located across four continents, and the creation of the above mentioned network may serve to grow the diversity in this pillar as well.

This Annual General Assembly represents an important turning point for the ICoCA. It is now in a position to fulfill its mission and promote the responsible, rights-respecting provision of security services. Finding agreement in a multi-stakeholder setting is never an easy task, and the ICoCA has come a long way in a respectable amount of time. If these procedures are implemented as planned, the ICoCA is poised to truly be an exemplary multi-stakeholder initiative.

New Standards for CBs Certifying Private Security Companies to ANSI/ASIS PSC.1 and ISO 18788 Open for Public Comment

Readers, who have been closely following standard setting for private security companies (PSCs), may be interested in opportunities to comment on two new standards for Certification Bodies (CBs) certifying PSCs to ANSI/ASIS PSC.1-2012 and ISO 18788-2015 – the two leading management system standards for PSC operations. The United Kingdom Accreditation Service (UKAS), the British organization responsible for accrediting CBs, has opened a public comment period until August 31 for the UKAS Guidance for Certification Bodies Certifying the Management Systems of Private Security Companies against ANSI/ASIS PSC.1: 2012 or ISO 18788: 2015. Its American equivalent ANAB (ANSI-ASQ National Accreditation Board) has released Accreditation Rule 40 (AR 40).* The Guidance and AR 40 apply to CBs seeking accreditation to assess and certify PSCs’ security operations management systems built on ANSI/ASIS PSC.1-2012 and/or ISO 18788. ANAB’s public comment period is open until September 5.

Although serving similar purposes, it is interesting to note the differences in approach taken by UKAS and ANAB. UKAS states that it will accredit CBs to certify to ANSI/ASIS PSC.1-2012 and/or ISO 18788 using ISO 17021-1. ISO 17021 is the International Organization for Standardization’s generic Conformity Assessment standard for CBs providing audit and certification of management systems. The Guidance does note that it provides guidance on ISO 17021-1 and ANSI/ASIS PSC.2-2012, but it does not explicitly state that it requires CBs to adhere to ANSI/ASIS PSC.2 for accreditation purposes. By way of reminder to readers, ANSI/ASIS PSC.2-2012: Conformity Assessment and Auditing Management Systems for Quality of Private Security Company Operations provides requirements and guidance for conducting conformity assessment of ANSI/ASIS PSC.1-2012. It is a sector specific standard based on ISO 17021. In contrast, ANAB’s AR 40 states that ANSI/ASIS PSC.2-2012 is a required document. The length of UKAS’s Guidance, in particular the extensive detailing of auditor/audit team competences, is likely a result of failing to explicitly make ANSI/ASIS PSC.2 a required document. ANSI/ASIS PSC.2 already covers in depth required competences, and unlike the Guidance also discusses the needed training and experience of auditors as well as requirements for screening and vetting auditors. One thing is certain, all three documents make it clear that auditors must have a wide variety of skills relevant to assessing the responsible provision of security services in complex environments, to include human rights expertise.

Another strong point of ANAB’s AR 40 is the useful Annex at the end, which compares and contrasts the requirements of ANSI/ASIS PSC.1-2012 and ISO 18788. While the two management system standards are very similar, there are differences of which auditors need to be aware. ISO 18788 cites the UN Guiding Principles on Business and Human Rights as a normative reference. This has resulted in some stronger human rights provisions in ISO 18788. For example, human rights risk analysis is now a clearly articulated requirement. In addition, there are a few new requirements that were not in ANSI/ASIS PSC.1-2012 related to apprehension and search and operations in support of law enforcement. That being said, the Annex is a surface comparison of requirements, and auditors will need to do a comparative deep-dive to capture the nuances in terms of improvements to ANSI/ASIS PSC.1-2012 that found their way into ISO 18788.

While perhaps not the most exciting reading material, both the Guidance and AR 40 are key documents not only for CBs and their auditors, but also for PSCs seeking certification to ANSI/ASIS PSC.1-2012 and/or ISO 18788. They can assist PSCs with grasping the certification process, understanding what elements of a management system auditors will assess, and providing a sense of the type of competences to look for in a CB.

* For purposes of disclosure, Human Analytics’ Rebecca DeWinter-Schmitt served on the Committee of Experts that drafted AR 40.

ICoCA Opens Pathway to Certification for Private Maritime Security Companies

It is now possible for Private Maritime Security Companies (PMSCs) to receive independent, third party certification to the International Code of Conduct for Private Security Service Providers (ICoC) via the International Code of Conduct Association (ICoCA). On Friday of last week, the multi-stakeholder ICoCA announced the release of a recognition statement for ISO 28007-1: 2015 Ships and marine technology – Guidelines for Private Maritime Security Companies (PMSC) providing privately contracted armed security personnel (PCASP) on board ships (and pro forma contract), ISO 28007 in short.

(Readers of Human Analytics’ Human Rights in Complex Environments blog may remember that we reported in February on the ICoCA’s release of an ISO 28007 draft recognition statement for public comment. The compilation of those comments is available here.)

As with the ICoCA recognition statement for the land-based security standard, ANSI/ASIS PSC.1-2012: Management System for Quality of Private Security Company Operations (PSC.1), the ISO 28007 recognition statement is accompanied by an Annex A analyzing the gaps between ISO 28007 and the ICoC and an Annex B summarizing the additional information, related to the human rights and humanitarian law requirements of the ICoC, that PMSCs must supply to the ICoCA. Unlike PSC.1, which has the ICoC as a normative reference, ISO 28007 did not and the gaps are not insignificant. (Despite some improvements in the human rights content of the ISO 28007 standard as it evolved from a PAS to an ISO guideline.) In addition to the failure of ISO 28007 to include human rights in PMSCs’ risk assessment process, four areas evidence the greatest number of gaps, namely requirements regarding employment policies, incident reporting practices, training programs, and grievance mechanisms.

Beyond this additional information, PMSCs must provide to the ICoCA the scope of their certification to ISO 28000 Specification for security management systems for the supply chain (the ISO standard that is actually auditable by certification bodies and to which ISO 28007 provides additional guidance), any non-conformities identified during the auditing process, corrective action plans, and details on their Human Rights Risk Assessment process. Only certificates lent by certification bodies accredited by recognized national accreditation bodies will be accepted by the ICoCA. Currently MSS Global and Lloyd’s Register Quality Assurance Limited are the only accredited certification bodies to audit to ISO 28000/28007. Both were accredited by the UK Accreditation Service.

Although more information will be forthcoming in terms of how the ICoCA will process certifications, the organization is poised to play an important role in increasing respect for human rights in the private maritime security industry. While the UK Accreditation Service has released guidance for certification bodies auditing to ISO 28000/28007, which clearly states that human rights competence is a must for auditors, this has limited effect in light of the weak human rights provisions in ISO 28007. Auditors can only audit to what is in the standard. Therefore, by gathering this additional human rights related information, the ICoCA can contribute to raising the bar by scrutinizing what human rights due diligence measures PMSCs have in place to identify, prevent, mitigate and account for how they address their adverse human rights impacts.

However, when assessing the information submitted to it by PMSCs, the ICoCA should draw on the expertise of its membership, to include organizations in the civil society pillar, such as Oceans Beyond Piracy/One Earth Future Foundation. As comments submitted by Oceans Beyond Piracy indicate, there are specificities to maritime security provision, to include differences in human rights risks and regulatory environments, that are not well-captured by the ICoC, which was drawn up with land-based security in mind. This is why the ICoC (Article 7) foresaw “the development of additional principles and standards for related services, such as… the provision of maritime security services,” beyond those already in the ICoC. Furthermore, as comments from MSS Global and two ICoCA member companies indicate, the scope of any ISO 28000/28007 certificate will also need to be scrutinized to ensure that it captures operations, beyond the Indian Ocean and High Risk Area, where human rights risks may be equally, if not more so, relevant to any PMSC’s compliance with the ICoC. Should the ICoCA be able to muster such informed scrutiny, and should PMSCs be willing to subject themselves to it, it is foreseeable that there will be an increase in PMSCs respect for human rights.

New Tools for States and Companies Assist with Better Governance of the Private Security Industry

V3 Cover pictureIn the last few months, the Geneva Centre for the Democratic Control of Armed Forces (DCAF) has released three new tools to help States better regulate private security companies (PSCs) and PSCs ensure the responsible provision of security services. An international foundation headquartered in Geneva, DCAF has distinguished itself for the leading role it has played in fostering private security governance by providing research and practical tools, promoting the sharing and implementation of regulatory best practices, and supporting the development of international consensus on norms and standards for the industry.

First, in its role as Secretariat for the Montreux Document Forum (MDF), DCAF issued in June a Legislative Guidance Tool for States to Regulate Private Military and Security Companies. The MDF was established to assist States with implementing the legal obligations and Good Practices outlined in the Montreux Document on pertinent international legal obligations and good practices for States related to operations of private military and security companies during armed conflict (Montreux Document) by sharing lessons learned and best practices. Currently the MDF has 53 participating States and three international organizations (EU, NATO, OSCE). The Legislative Guidance Tool was presented to the MDF participating States as a resource for implementing their Montreux Document commitments in national laws and regulations. However, whereas the Montreux Document is primarily applicable to States’ governance of private military and security companies (PMSCs) during armed conflict (although with relevance beyond armed conflict), the Legislative Guidance Tool has a wider remit recognizing that the privatization of security services is equally prevalent in the domestic context. Therefore, the Tool has the dual purpose of capturing existing national legislation, policies, and best practices, as well as offering guidance to lawmakers to develop and improve national legislation to bring it in line with international obligations and recognized good practices. It draws on the guidance in the Montreux Document, but also a range of other hard and soft law international frameworks.

As the Legislative Guidance Tool points out, “existing national laws are not always clear on how a State’s international human rights obligations apply to and govern the operations of PMSCs.” The Tool breaks down the national regulatory framework into seven areas that may pose challenges. These revolve around key issues such as including an explicit expectation that companies respect human rights, determining the applicability of legislation in terms of defining the scope of the industry and ensuring adherence extraterritorially, and making determinations about what types of services are permitted and prohibited. Other issues addressed include establishing an authority that is enabled to oversee and control PMSCs’ activities, creating laws to authorize and license companies, and vetting and selection of PMSCs for States that contract with PMSCs. The final two chapters address incorporating provisions into national legislation that address the obligations of PMSCs and their personnel to take steps to avoid committing harmful acts, and that ensure adequate accountability for harms and effective remedies for victims of abuses.

In all, 32 separate challenges are identified and analyzed, and recommendations and examples of good practice are provided to address them. Armed with such detailed guidance on the nature of effective legislation, the MDF could move beyond being primarily a dialogue forum and could push for legislative reform by requiring member States to report annually on their progress in implementing their Montreux Document commitments and assessing those reports against these good practices.

Second, honing in specifically on good practices related to States’ and international organizations’ procurement and contracting of private security services, DCAF also recently released a scoping study entitled, Putting Private Security Regulation Into Practice: Sharing Good Practices on Procurement and Contracting 2015-2016. The study examines how the power of the purse string offers one strategy for ensuring better private security governance. Four key international regulatory initiatives, three directly relevant to private security (the Montreux Document, the International Code of Conduct for Private Security Service Providers, and the draft of a possible convention on PMSCs) and one with broader applicability to all companies (the UN Guiding Principles on Business and Human Rights), have established that States can use their extensive commercial transactions as a means to promote respect for human rights by companies.

The study breaks down the five stages of procurement and provides examples of best practices for each drawing on key contracting States’ (US, Switzerland, and Australia) and international organizations’ (EU, UN, NATO, and OSCE) experiences. The five stages of public procurement are 1. Needs Assessment, Authority, Scope of Application and Principles, 2. Solicitation and Notice, 3. Evaluation of Potential Contractors, 4. Contract, and 5. Monitoring, Enforcement, and Accountability. A notable contribution of the study are the annexes providing concise summaries of the procurement regulations of the EU, UN NATO, and OSCE. What is not addressed in the study is the extent to which these types of procurement best practices are actually being implemented across the broader set of Montreux Document participating States, and whether contracting authorities are adequately trained and resourced to ensure high human rights related standards in contracts and sufficient monitoring and accountability; these latter shortcomings in adherence to the Montreux Document were raised by DCAF in a report last year, Progress and Opportunities: Challenges and Recommendations for Montreux Document Participants.

Finally, DCAF has been equally involved in participating and supporting various multi-stakeholder initiatives, such as the Voluntary Principles on Security and Human Rights, and developing tools and other resources to assist companies operating in high risk environments with meeting their human rights responsibilities. Last month, together with the International Committee of the Red Cross, DCAF released the third version of its online toolkit Assessing Security and Human Rights Challenges in Complex Environments, which is available on the Security and Human Rights Knowledge Hub. Human Analytics has blogged in the past on earlier versions of the Toolkit. Much like other DCAF tools, the Toolkit is structured around challenges, in this case those that companies face when operating in complex environments such as working with host governments, public security forces, and private security provides. The Toolkit identifies “real-life” operational challenges and provides good practices and recommendations to address them, as well as practical tools, such as checklists, case studies, and additional resources, many of which are available on the Knowledge Hub. It is imminently useful and readily accessible, as users can simply click on a particular challenge they face, which will take them to a page with recommendations to address that challenge.

The most recent version of this “living document” contains an updated Chapter 1 Working with host governments, as well as a completely new chapter, Chapter 4 Working with communities, which addresses managing relations with local communities. As the Toolkit rightfully notes, maintaining positive relations with local communities, which is essential to a company’s social license to operate and can bring reputational gains as well as mitigate operational risks, can be difficult to achieve. Companies often face resistance because of long standing grievances related to the operating context which have gone unaddressed such as “employment, land, environment, compensation, resettlement, and negative legacies from previous company projects.” The chapter details a total of 18 challenges related to strategies for stakeholder engagement; the means to share information and effectively consult and elicit consent; internal management challenges related to stakeholder engagement; and the security impacts of operations on local communities and, from the reverse perspective, the community’s impact on company security. The chapter also offers some overarching recommendations that highlight the importance of understanding the local context and adequately assessing related risks, which includes understanding the stakeholder landscape. Local stakeholders’ comfort with participation increases with engagement processes that are inclusive, transparent, responsive to local communities needs and interests, respectful of local culture, and involve communities in identifying problems and creating solutions. Stakeholder engagement is an ongoing process relevant throughout the lifecycle of an activity and can involve a significant amount of resources and time. However, not doing it well can be just as costly, if not more.

The release of DCAF’s new tools provide evidence that the security industry and its stakeholders have largely found consensus on the normative expectations for the responsible provision of security services, both in terms of State obligations as regulators and clients of the industry and corporate responsibilities to respect human rights. But even more so, they demonstrate that we are moving beyond a phase of expectation setting into a new phase of practical implementation. These tools from DCAF can aid both States and PSCs in this new phase, if they are applied. It is the collective responsibility of the industry, governments, civil society, and other stakeholders to make sure this happens.

Convicted Former Blackwater Guards Challenge Use of MEJA

According to Law360, the four former Blackwater guards convicted in the 2007 Nisour Square shooting of 17 Iraqi civilians argued before the DC Circuit that the Military Extraterritorial Jurisdiction Act (MEJA) should not have been used to prosecute them. While challenging most elements of the government’s case, they claim in particular that as State Department contractors providing diplomatic security, they were not directly supporting the Defense Department’s reconstruction efforts in Iraq. Their argument has been backed by the National Association of Criminal Defense Lawyers. The four men are seeking acquittal or at a minimum new trials. Once again evidence, as we argued in a past blog post, for the need to pass the Civilian Extraterritorial Jurisdiction Act (CEJA). Why should State Department contractors working overseas not be subject to the same laws that apply to Defense Department contractors?

REMINDER: Register for Corporate Responsibility for Federal Contractors June 9 Webinar

The Society of American Military Engineers is hosting a webinar, entitled Corporate Responsibility for Federal Contractors, on Thursday, June 9 from 1:00pm-2:30pm. Human Analytics’ Rebecca DeWinter-Schmitt will discuss procurement requirements related to the responsible provision of security services. Foley Hoag’s Sarah Altschuller will address new requirements to combat trafficking in persons.

Federal contractors impacted by requirements related to the prevention of human trafficking and the provision of private security services, and who want to familiarize themselves with these new regulations and develop the needed policies and systems to implement them, will benefit from participation in this webinar.

The U.S. Government (USG) is the world’s single largest purchaser of a wide range of goods and services. Increasingly, the USG recognizes that its procurement power can be used to promote responsible business conduct by its contractors. Two recent developments in federal acquisition regulations exemplify this trend, namely new requirements related to combating trafficking in persons and to promoting the responsible provision of private security services.

These changes in federal acquisition regulations reflect a commitment by the USG to observing international standards for responsible business conduct. These requirements are consistent with the USG’s current effort to develop a National Action Plan on Responsible Business Conduct, which will outline its efforts to implement the provisions of the OECD Guidelines for Multinational Enterprises and the U.N. Guiding Principles on Business and Human Rights. As part of that process, the USG sees its procurement policy as one way to fulfill its obligation to protect people from human rights infringements linked to business activities.

This webinar should be of particular interest to contracting and compliance representatives, in-house counsel, and government relations staff. To register, click here.

Certifying Private Security Companies’ Human Rights Performance: Not All Certificates Are Created Alike

http://hrbrief.org/2016/05/certifying-responsible-private-security-companies-assessing-implementation-transparency-disclosure-provisions/
http://hrbrief.org/2016/05/certifying-responsible-private-security-companies-assessing-implementation-transparency-disclosure-provisions/

A growing number of private security companies (PSCs) providing security services overseas to the U.S. Department of Defense (US DoD) and U.S. Department of State (US DoS) are becoming certified by third party auditors as a means of demonstrating their adherence to international human rights and humanitarian law standards. However, newly released research by American University Washington College of Law’s Dean’s Fellow David Sebstead indicates significant inconsistency in PSCs’ adherence to standards based on publicly available information. In his Human Rights Brief article, Certifying Responsible Private Security Companies: Assessing the Implementation of Transparency and Disclosure Provisions, Sebstead found that certification may not be enough to assure clients of PSCs and the public that they are fulfilling their human rights responsibilities.

The increased use of PSCs in the wake of the Iraq and Afghanistan conflicts, and associated concerns about their human rights impacts, led to the emergence of a transnational governance framework comprised of declarations, codes of conduct, and management standards to ensure more effective governance and oversight of PSCs. A central component of this governance framework is the ANSI/ASIS PSC.1 – 2012 Management System for Quality of Private Security Company Operations (ANSI/ASIS PSC.1). A quality assurance and human rights risk management standard, its creation was funded by the US DoD. Currently, the US DoD requires the PSCs it utilizes to demonstrate compliance to it, or a related International Organization for Standardization standard (ISO 18788), which was based on ANSI/ASIS PSC.1. One way of demonstrating compliance is for a PSC to hire a certification body to audit its conformance to PSC.1, for which it receives a certificate.

Similarly, the US DoS requires its overseas security contractors also to demonstrate compliance with ANSI/ASIS PSC.1, and to be a member in good standing of the International Code of Conduct Association (ICoCA). The ICoCA is a multi-stakeholder initiative, comprised of governments, PSCs, and civil society organization and headquartered in Geneva, which assures that its member PSCs adhere to the International Code of Conduct for Private Security Service Providers (ICoC). The ICoC details international human rights and humanitarian law responsibilities of PSCs operating in complex environments. The ICoCA certifies its member PSCs, and currently the only route to certification is by evidencing certification to ANSI/ASIS PSC.1 by an accredited certification body in addition to providing human rights information in particular related to the PSC’s human rights risk assessment process.

Examining 13 PSCs that have received ANSI/ASIS PSC.1 certification, Sebstead found fairly significant discrepancies in their conformance to the management standard. He rated the 13 PSCs on their demonstrable conformance to four requirements of ANSI/ASIS PSC.1 which would necessitate that PSCs share publicly information about their adherence to the standard. These included the scope of their certification, which indicates the parts of the PSC’s operations that were actually audited by a certification body; their statement of conformance, the public commitment by management to respect applicable national and local laws and human rights; the availability of a grievance mechanism, which allows third parties to submit complaints to companies when they do not meet their human rights commitments; and the communication of their human rights risk assessment process.

Aggregating these four public facing components of demonstrable conformance to ANSI/ASIS PSC.1, Sebstead created an overall score of effective implementation of these components for the 13 PSCs ranging from poor (0) to very good (3). No PSC received a perfect score, but in the top three places were Garda World Consulting at number one, Aegis Defense Services and Britam Defence tied for second place, and Edinburgh International and Oliver Group tied for third place.

Disaggregating the data for a moment, what does this information tell us? Regarding the certificate scope, six of the 13 PSCs simply posted their certificates to their websites. Yet many did not provide enough information to determine the extent of their certification. In other words, some large, multinational PSCs lay claim to a PSC.1 certification, but do not share publicly exactly which parts of their operations have actually been subjected to a third party audit. Nine out of 13 companies scored well on their statements of conformance, although surprisingly a few were weak on making explicit their commitment to respect human rights. PSCs were also inconsistent in terms of the quality of their grievance mechanisms, with only six out of 13 actually providing a detailed procedure explaining to those who submit complaints the process for addressing those complaints.

Finally, the most important means for a PSC to address its human rights impacts is to first undertake a human rights risk assessment process to identify its potential and actual impacts. However, only seven of 13 PSCs made any mention of having any type of human rights risk assessment process in place. While this does not preclude the possibility that they may actually be assessing human rights risks related to their operations, it would seem important to demonstrate publicly that they take their human rights due diligence responsibilities seriously.

As Sebstead rightfully points out, “embedding a commitment to respect human rights in management systems is an important first step, but adequately identifying and mitigating actual human rights impacts on the ground in host states where PSCs operate is essential.” The “black box” of certification needs to be opened up to better understand what types of methodologies and metrics are being used by certification bodies when they seek evidence of conformance to the human rights components of ANSI/ASIS PSC.1. Here the ICoCA can play a greater role as it can request information from its member PSCs about their certifications. Clearly, the ICoCA is already moving in this direction by requiring additional human rights related information from PSCs with an ANSI/ASIS PSC.1 certificate. But it would help strengthen the robustness of the system if not only there were more assurances about the consistency of the quality of ANSI/ASIS PSC.1 certificates, but also more transparency in terms of both the embedding of human rights commitments into policies and processes and the outcomes of those commitments on actual respect for human rights.

 

REMINDER: Register for Companies and Climate Change

Companies and Climate Change flyer_April 29

Next week Thursday, May 5 “Companies and Climate Change: Legal Liability and Human Rights Challenges After Paris/COP21 is being held in Washington, D.C. from 2:30-5:30pm as an official side event of Climate Action 2016. A multi-stakeholder summit, Climate Action 2016 is the first major international event on the implementation of the Paris Agreement since it was adopted by governments at COP21 in 2015. Summit co-hosts include the United Nations, World Bank, University of Maryland, and the World Business Council on Sustainable Development.

Climate Change is the defining issue of our time.  In the coming decade and beyond, every major commercial enterprise will feel its impact, some more severely than others.   In the wake of the Paris Agreement, it is now clear that pressure on businesses to reduce carbon emissions and to help mitigate the impact of climate change will increase.  It is almost certain that we will see an increase in the use of laws, regulations, lawsuits and the threat of lawsuits to accelerate the pace at which businesses address climate-related issues.  What can businesses expect in the coming years? What liability might businesses face for economic damages and human rights impacts attributed to climate change?  What can businesses do today to avert climate-related challenges tomorrow?  How does doing the right thing with respect to climate change also make good business sense?  Companies and Climate Change will address these and other questions. This event is co-hosted by the International Bar Association, Washington College of Law’s Center for Human Rights & Humanitarian Law, Business and Human Rights Resource Center, Center for International Environmental Law, Institute for Human Rights and Business, and Sidney Austin LLP.

Please register by clicking the following link:  RSVP.  You will be asked to provide your email address before being prompted to provide basic registration information.  By registering, you will enjoy free access to the two sessions from 2:30–5:30pm, but not the entire Climate Action 2016 summit.  If you are interested in attending the entire summit, please send a request to Sosseh Prom (Sosseh.Prom@int-bar.org), and your request will be transmitted to the summit organizers.

 

WEBINAR: Corporate Responsibility for Federal Contractors

The Society of American Military Engineers is hosting a webinar, entitled Corporate Responsibility for Federal Contractors, on Thursday, June 9 from 1:00pm-2:30pm. Human Analytics’ Rebecca DeWinter-Schmitt will discuss procurement requirements related to the responsible provision of security services. Foley Hoag’s Sara Altschuller will address new requirements to combat trafficking in persons.

Federal contractors impacted by requirements related to the prevention of human trafficking and the provision of private security services, and who want to familiarize themselves with these new regulations and develop the needed policies and systems to implement them, will benefit from participation in this webinar.

The U.S. Government (USG) is the world’s single largest purchaser of a wide range of goods and services. Increasingly, the USG recognizes that its procurement power can be used to promote responsible business conduct by its contractors. Two recent developments in federal acquisition regulations exemplify this trend, namely new requirements related to combating trafficking in persons and to promoting the responsible provision of private security services.

These changes in federal acquisition regulations reflect a commitment by the USG to observing international standards for responsible business conduct. These requirements are consistent with the USG’s current effort to develop a National Action Plan on Responsible Business Conduct, which will outline its efforts to implement the provisions of the OECD Guidelines for Multinational Enterprises and the U.N. Guiding Principles on Business and Human Rights. As part of that process, the USG sees its procurement policy as one way to fulfill its obligation to protect people from human rights infringements linked to business activities.

This webinar should be of particular interest to contracting and compliance representatives, in-house counsel, and government relations staff. To register, click here.

Companies and Climate Change: Legal Liability and Human Rights Challenges After Paris/COP21

Companies and Climate Change FlyerThe International Bar Association, Washington College of Law’s Center for Human Rights & Humanitarian Law, Business and Human Rights Resource Center, Center for International Environmental Law, Institute for Human Rights and Business, and Sidney Austin LLP are pleased to invite you to attend “Companies and Climate Change: Legal Liability and Human Rights Challenges After Paris/COP21,” which is being held in Washington, D.C. from 2:30-5:30pm on May 5.  It is an official side event of Climate Action 2016, a multi-stakeholder summit being held in Washington, D.C. on May 5-6.  Climate Action 2016 is the first major international event on the implementation of the Paris Agreement since it was adopted by governments at COP21 in 2015. Summit co-hosts include the United Nations, World Bank, University of Maryland, and the World Business Council on Sustainable Development.

Climate Change is the defining issue of our time.  In the coming decade and beyond, every major commercial enterprise will feel its impact, some more severely than others.   In the wake of the Paris Agreement, it is now clear that pressure on businesses to reduce carbon emissions and to help mitigate the impact of climate change will increase.  It is almost certain that we will see an increase in the use of laws, regulations, lawsuits and the threat of lawsuits to accelerate the pace at which businesses address climate-related issues.  What can businesses expect in the coming years? What liability might businesses face for economic damages and human rights impacts attributed to climate change?  What can businesses do today to avert climate-related challenges tomorrow?  How does doing the right thing with respect to climate change also make good business sense?  Companies and Climate Change will address these and other questions.

Please register by clicking the following link:  RSVP.  You will be asked to provide your email address before being prompted to provide basic registration information.  I should note that, by registering, you will enjoy access to the two sessions from 2:30–5:30pm, but not the entire Climate Action 2016 summit.  If you are interested in attending the entire summit, please send a request to Sosseh Prom (Sosseh.Prom@int-bar.org), and your request will be transmitted to the summit organizers.

 

New Report on Implementing the UN Guiding Principles in the Maritime Sector

HRs at Sea coverThe Human Rights at Sea initiative has released a new report, An Introduction and Commentary to the 2011 UN Guiding Principles on Business and Human Rights and their Implementation in the Maritime Environment. The report provides a simple introduction to the UN Guiding Principles (UN GPs), makes the business case for companies in the maritime sector to implement their responsibility to respect human rights and warns of the commercial, legal, reputational, and operational risks of not doing so, and provides some examples of human rights abuses associated with the maritime sector. The report also discusses the uptake of the UN GPs through the development of National Actions Plans, such as that of the UK government, and their incorporation into various soft law instruments.

All of these issues have been addressed in more depth in other publications. But as Business and Human Rights Resource Center’s Executive Director Phil Bloomer suggests in the foreword, what makes this report stand out is that it is the first effort to launch a more comprehensive discussion in the maritime sector about its human rights responsibilities and how to meet them. This discussion has been happening in bits and pieces and mostly in response to reports of severe abuses.

For example, the New York Time series, The Outlaw Ocean, drew attention to lawlessness on the high seas and in particular the impunity for gross human rights abuses such as the use of forced and slave labor in the fishing industry. In February, President Obama signed a law closing a loophole in the 1930 Tariff Act that allowed the importation of goods made with slave labor, to include seafood caught using forced labor in south-east Asia.

As noted in a previous blog, concerns about the use of private armed security personnel on board ships in response to piracy threats resulted in the development of an ISO standard (ISO 28007-1: 2015), which explicitly references the UN GPs in the introduction and requires that companies develop human rights policies. Maritime security providers certified to ISO 28007-1 will soon have the opportunity to solicit certification to the International Code of Conduct for Private Security Service Providers (ICoC) if they provide some additional information on their human rights due diligence efforts, as foreseen in the draft recognition statement released by the ICoC Association.

Recently Maersk Group released its 2015 Sustainability Report detailing how it had undertaken a human rights due diligence process based on the UN GPs for all the business activities of the Group, thereby becoming the first large shipping line to undertake such a process. Although, as pointed out in the Human Rights at Sea report, Maersk is still plagued by human rights issues, such as using ship breaking facilities in India with a record of labor rights abuses.

The maritime environment as defined in the report is complex and encompasses multiple business actors, including those designing and manufacturing ships, operating shipping, cruise, and fishing fleets, brokerage services, ship yards, dry-docks, port construction, freight-forwarding, insurance, seafarer recruitment, and maritime security services. Most businesses in the maritime sector have not begun to consider the significance of the UN GPs or recognized their responsibility to respect human rights in their own business activities and throughout their supply chains. Hopefully, the Human Rights at Sea report will contribute to furthering that discussion throughout the sector.

Panel on Business Challenges and Human Rights

On April 12, Human Analytics’ Rebecca DeWinter-Schmitt will be speaking on a business and human rights panel at the 25th anniversary celebration of the Center for Human Rights and Humanitarian Law. Rebecca is pro bono Director of the Human Rights in Business Program at the Center. The panel entitled, Business Challenges and Human Rights: The Case of Apple, will discuss issues faced by the company such as ensuring users’ right to privacy, the sourcing of electronic components containing minerals mined in conflict zones, and the manufacturing of electronic equipment in factories implicated in workplace abuses, as well as Apple’s response to these challenges. Other panels include international standards in the fight against torture, promoting human rights in the U.S., and advancing human rights through impact litigation. The event is free and open to the public, but registration is required.

25th Anniversary Conference Flyer final

ICoCA Releases Draft Statement Recognizing Private Maritime Security Companies Standard

The International Code of Conduct Association (ICoCA) has announced the release of a draft recognition statement in accordance with its certification procedure for ISO 28007-1: 2015 Ships and marine technology – Guidelines for Private Maritime Security Companies (PMSC) providing privately contracted armed security personnel (PCASP) on board ships (and pro forma contract) – or ISO 28007 in short. What is the significance? PMSCs that are members of the ICoCA now have a chance to become ICoCA certified. They will need to evidence their certification by an accredited certification body to ISO 28000 Specification for security management systems for the supply chain, using the additional guidance provided in ISO 28007, as well as provide some additional human rights related information derived from the International Code of Conduct for Private Security Service Providers (ICoC).

As noted in a blog post Human Analytics wrote after the release of ISO 28007 last year, New ISO Standard for Private Maritime Security Companies Reflects Some Progress on Human Rights, the new standard contains some improvements relative to the previous ISO/PAS 28007 (PAS = Publicly Available Specification), which was nearly devoid of any reference to the corporate responsibility to respect human rights. One marked improvement is the insertion of a reference to the UN Guiding Principles on Business and Human Rights (UN GPs) in the introduction, as well as the need for an explicit human rights policy. But the blog also noted that there remain a number of human rights shortcomings in ISO 28007, certainly relative to the expectations of companies laid out in the UN GPs, including the need to undertake a human rights due diligence process, prioritize human rights risks identified though a risk assessment process based on their scope and severity, and remediate negative human rights impacts.

The gaps between the human rights and humanitarian law principles of the ICoC and the requirements and guidelines of the ISO 28000/ ISO 28007 are evidenced in the rather extensive additional human rights related information requirements for ICoCA certification detailed in Annex B to the draft recognition statement. In addition to the failure of ISO 28007 to include human rights in the company’s risk assessment process, four areas evidence the greatest number of gaps, namely requirements regarding employment policies, reporting practices, training programs, and grievance mechanisms. Among some of the key gaps are failures to require an anti-discriminatory employment policy; ensure that passports, travel documents, and identification materials of personnel are only held as long as reasonably necessary; ensure that all employment documents are in writing and in a language understood by personnel; include relevant international and human rights law provisions in reporting requirements; require training on international human rights law; and ensure that grievance mechanisms are publicly available and operate in a fair, prompt, impartial, and confidential fashion. Annex B contains a complete list of gaps.

Topics not mentioned in Annex B, where the ICoCA may want to push for additional information are:

1) ensuring that, in line with the UN GPs, when PMSCs evaluate and prioritize risk controls, management, mitigation, and treatments that they prioritize addressing human rights risks based on their scope and severity;

2) including indications of prior involvement in human rights violations, which in some countries may not be captured in criminal background checks, employment histories, and military and law enforcement service records, in the selection and vetting criteria for personnel and subcontractors, as required in ICoC paragraphs 48 and 51;

3) evidencing that personnel receive mandatory training in reporting requirements related to the types of crimes and human rights violations laid out in ICoC paragraph 22; and

4) ensuring that grievance mechanisms offer effective remedies to victims of negative human rights impacts as foreseen in ICoC paragraph 67 a). The remediation of harms caused by PMSCs’ activities is not addressed anywhere in ISO 28007.

While certainly an opportunity for PMSCs to improve their human rights performance, it will be interesting to see how many of them actually seek ICoCA certification. While nearly half of the original ICoC signatories were PMSCs, at this point many no longer exist – having closed shop after the decline in piracy off the coast of Somalia – or chose not to become transitional members of the ICoCA once it was formed in late 2013. ICoC paragraph 7 foresaw “the development of additional principles and standards for related services, such as… the provision of maritime security services.” The review of ISO 28007 was carried out based on a comparison to the ICoC’s current provisions, and not after consideration of developments in the maritime security industry which may require additional principles and standards to capture the unique nature of the industry’s security operations and human rights impacts. Furthermore, the development of additional principles by the ICoCA for the provision of maritime security was to happen after the establishment of “objective and measurable standards for providing Security Services based upon this Code” and the development of “external independent mechanisms for effective governance and oversight” (to include certification, auditing, monitoring, reporting, and grievance procedures). It is interesting that the ICoCA chose to prioritize reviewing ISO 28007 as a pathway to ICoCA certification ahead of reviewing ISO 18788 (the new ISO standard for private security operations based on the ICoCA recognized ANSI/ASIS PSC.1) and ahead of completing the development of key procedures, such as monitoring and grievance procedures. What remains unclear is whether PMSCs will seek ICoCA certification, or if their clients will require it, without the ICoCA having finalized all of its procedures.

Two developments in the maritime industry, however, do bode well. First, ISO 28007 no longer contains a note that appeared in the previous ISO/PAS 28007, which stated that the International Maritime Organization does not view the ICoC as “directly applicable to the peculiarities of deploying armed guards at sea to protect against piracy since it is written in the context of self-regulation for land companies only.” The ICoC is now referenced in the bibliography. Second, Maersk Group, which includes one of the world’s largest shipping lines, announced in its recent 2015 Sustainability Report that it had undertaken a human rights due diligence process based on the UN GPs for all the business activities of the Group. One area identified as a priority human rights issue for 2016-2017 is the use of security services. The imminent recognition of ISO 28007 provides an opportunity for the ICoCA to lobby the shipping industry and other clients of PMSCs, as well as flag, coastal, and port states, to require that PMSCs adhere to the principles of the ICoC. To be impactful on the larger security industry, the ICoCA must foster compliance with the ICoC principles by all security providers, whether maritime or land-based and whether employed by private or public sector clients.

Congress Needs to Pass CEJA

Recent news reports announced that the four Blackwater guards found guilty in the September 2007 Nisour Square shooting incident plan to appeal their convictions. Nisour Square was one of the most infamous incidents involving the excessive use of lethal force by private security contractors in the Iraq conflict. Prosecutors accused the guards of being involved in 14 deaths of Iraqi civilians, and the four defendants received various sentences ranging from life in prison for first-degree homicide to minimum 30-year sentences for manslaughter and weapons-related charges. The guilty verdicts against the four guards was also heralded by many as one of the few examples of accountability for private security guards involved in committing gross human rights violations.

The appeal of their guilty verdict is based on two factors. First, the defendants’ lawyers claim that one of the key witnesses for the prosecution, an Iraqi traffic officer, significantly changed his testimony after the trial. Second, as was to be expected and far more significantly for other such cases in the future, the defendants’ lawyers plan to challenge the use of the Military Extraterritorial Jurisdiction Act (MEJA), to charge the four guards. They argue that MEJA only applies to contractors in support of a Department of Defense (DoD) mission. The Blackwater guards were working for the Department of State (DoS) at the time.

Should they succeed in moving their appeal forward, there will likely be much debate about what the DoD mission in Iraq was and how the DoS fit into that. However, what this appeal points to is the ongoing failure to close a glaring loophole in the law that does not allow U.S. government contractors to be subjected equally to federal statutes when they commit certain crimes. There have been repeated bi-partisan efforts to address this gap through the passage of the Civilian Extraterritorial Jurisdiction Act (CEJA). In July 2014, Senator Leahy and Congressman Price introduced CEJA in both houses. The bill went nowhere.

There is no justification for not closing this loophole. The jurisdiction of federal courts must be extended to apply to all U.S. government contractors operating on behalf of the government overseas. CEJA would also supply the U.S. Attorney General’s office with the needed investigative resources to successfully prosecute cases. The private security industry itself has been supportive of the legislation. One wonders what is stopping Congress from passing it?

New Report Provides an Insider Perspective on the International Code of Conduct Process

DCAF Report coverA new report, Towards an International Code of Conduct for Private Security Providers: A View from Inside a Multistakeholder Process, by Anne-Marie Buzatu of the Geneva Centre for the Democratic Control of Armed Forces (DCAF) provides a first-hand account of the process that led to the development of the International Code of Conduct for Private Security Service Providers (ICoC) and its accompanying governance and oversight mechanism, the ICoC Association (ICoCA). Ms. Buzatu representing DCAF, along with members of the Swiss Government and the Geneva Academy of International Humanitarian Law and Human Rights, formed the team of “neutral facilitators” that shepherded into existence this landmark multi-stakeholder initiative. Attaining consensus among stakeholders from private security companies, governments, civil society organizations, and other interested parties consulted during the process was no easy task. As Ms. Buzatu rightfully points out, the neutral facilitators in this case did everything to make that possible, from logistical project management and drafting of texts to building trust and mediating disputes among stakeholders.

The report covers a lot of historical ground. It begins by describing the circumstances at the time that gave impetus to the ICoC effort. In particular, in the wake of the wars in Iraq and Afghanistan and the accompanying rapid increase in the use of PSCs, it became clear that there were governance gaps at both the national and international levels that had to be addressed to ensure effective oversight and accountability for private actors with the potential to use force. There was also a growing recognition that PSCs operating globally in complex environments raised complicated jurisdictional issues, which no one state could address on its own. New forms of innovative governance at the cross-sections of the national and international and public and private would be required. Hence the emergence of the ICoC/ICoCA as exemplars of “co-regulation” i.e. regulatory approaches that bring together public and private actors and “combine the advantages of an international-level multistakeholder governance model with the force of statutory and/or contractual obligations.” By embedding adherence to the ICoC and membership in the ICoCA into the contracting requirements of some states and international organizations, this multi-stakeholder initiative is in the process of setting historical precedent in terms of “hardening soft law.”

However, the origins of the ICoC/ICoCA in response to the Iraq and Afghanistan wars and the ICoCA’s current inclusion of only state clients of PSCs, makes one wonder to what extent this may be an example of “regulating the last war,” to quote Sarah Percy. While insurers and private sector clients of the private security industry, particularly extractive companies, participated in some of the initial consultations on the ICoC and the charter of the ICoCA, in later stages Ms. Buzatu notes they took a “wait and see” approach. Fortunately, efforts are underway to solicit extractive companies buy-in, and the viability and more global applicability of the ICoC will depend on bringing in private sector clients of the private security industry.

Even without private sector clients on board, the ICoC/ICoCA process stands out among other examples of co-regulation for its transparency and multi-stakeholder, consensus-based decision-making. No doubt this was part of the recipe for success as each stakeholder pillar brings to the table different types of expertise and leverage to ensure that the provision of private security also facilitates general human security. PSCs have ground-truth and can best explain how to incorporate international human rights standards into their operations. Governments can give effect to international standards by incorporating them into international and national laws, regulations, and procurement requirements. Finally, civil society can provide insight into how security services are impacting on local populations and serve in a watch dog capacity. A section of the report on “Good Practices and Lessons Learned” cites trust among stakeholders, equally weighted participation, consensus-based decision-making, and transparency as key factors for successful co-regulation; sage advice for other co-regulatory initiatives underway that have at times found themselves struggling with differences among stakeholders. From this perspective, the Voluntary Principles on Security and Human Rights come to mind.

From an insider point of view, it would have been useful to hear more not just about what happened – from the Montreux Document to the ICoC, to the Temporary Steering Committee that drafted the charter for the ICoCA, and now the efforts of the ICoCA to develop procedures for certification, monitoring, and grievance mechanisms – but also how certain compromise positions were reached and why stakeholders took the positions they did.

That being said, one section of the report goes into greater depth detailing the process behind and provisions of the ICoC, which went through three versions before being finalized in 2010. The reader is able to trace from that section key provisions that developed over time, such as the applicability of the Code to complex environments; the need for a multi-stakeholder approach, rather than an industry-led process; the ability to agree about the value of an accompanying International Governance and Oversight Mechanism, but not about its specific contours; and the importance of embedding Code standards into procurement practices.

Another section on the drafting of the charter, later called the ICoCA Articles of Association, which was about two years in the making, also gives a good sense of the extensive, consultative drafting process undertaken by the multi-stakeholder Technical Steering Committee, as well as points of disagreement that had to be addressed and the consensus that was attained. Significantly, the very detailed initial draft of the charter was significantly pared down, leaving it to the ICoCA to develop the specifics of the certification, monitoring, and grievance procedures. During negotiations of the charter, differences in views about membership in the civil society pillar resulted in detailed membership criteria being finalized by the pillar after the launch of the ICoCA. Views also differed on the broad outline of the grievance procedure. In the end, with the exception of an arbitration function, nearly all proposed functions of the grievance procedure – advisory, referral, mediation, special audit, fact-finding, and gatekeeping functions – found their way to some degree or another into the charter.

However, what is not addressed in depth, and indeed shaped the how and why of much of these negotiated outcomes from the ICoC onwards, was the completion of the Department of Defense funded ANSI/ASIS PSC.1 management system standard for private security operations in 2012. The DoD, PSCs, and other interested parties supporting the development of PSC.1 saw it as an operationalization of the ICoC’s principles, as called for in ICoC Paragraph 7 which speaks to the need for “objective and measurable standards for providing Security Services based upon this Code.” Furthermore, once PSC.1 was completed and a pilot project was underway to accredit the first certification bodies and certify the first PSCs, this shaped negotiations on the certification function laid out in the charter of the ICoCA. The Articles of Association Paragraph 11.2.1 state that the ICoCA Board “shall define the certification requirements based on national and international standards and processes that are recognized as consistent with the Code,” and 11.2.4 states that the certification process shall not be “duplicative of certification under Board-recognized national and international standards.” Indeed, certification to PSC.1, along with some additional human rights relevant information, such as the human rights risk and impact assessment methodology used by a PSC, is now the first officially recognized route to ICoCA certification. Yet the relationship between those certification requirements, the field auditing requirements of PSC.1, and the ICoCA monitoring procedure currently under development is still an open matter of discussion.

Is re-hashing these discussions about the relationship between these two co-regulatory efforts a matter of opening old wounds? Not at all. This detailed history of the origins of the ICoC/ICoCA, together with an understanding of the differing views of stakeholders and how those differences were overcome to reach negotiated agreements, is essential background knowledge that amounts to something akin to “founders’ intent.” First, as new members join the ICoCA and new interested parties follow its further development, this history allows them to better grasp the significant strides that were made to get things to where they are today. Revisiting old disputes, or at least not understanding the origins of certain comprises, can hinder forward progress. Second, as ICoCA Board committees move forward with the work of assessing other international and national standards, developing monitoring and performance assessment procedures, and creating a grievance mechanism, it helps to remember the shared vision that drives the overall effort and the consensus that has already been attained. True multi-stakeholder initiatives by their very nature move at a slow pace. But the progress to date with the ICoC/ICoCA, in particular in terms of the commitments the industry has made to establishing an assurance framework with teeth, and the time in which this was achieved, are truly exceptional compared to other co-regulatory efforts. The historical insights offered in this report provide useful foundations for continuing to chart the way forward and increasing the uptake of international human rights standards by the private security industry on a global scale.

Webinar Materials: ISO 18788 – The New Standard for Responsible Security Operations

Human Analytics Senior Managing Director Rebecca DeWinter-Schmitt moderated a webinar on November 20 on the new International Organization for Standardization (ISO) standard, ISO 18788 Management System for Private Security Operations – Requirements with Guidance for Use. The standard details a risk management framework for the conduct of security operations, and is invaluable to organizations providing and contracting security services. The purpose of ISO 18788 is to enable consistent provision of security services while maintaining the safety of clients and ensuring respect for human rights and national and international laws. Speakers included Marc Siegel, Commissioner, ASIS International Global Standards Initiative; Christopher Mayer, Director of Contingency Contractor Standards and Compliance, DoD; and Lisa DuBrock, Managing Partner Radian Compliance. Their remarks provided valuable information on the purpose and content of ISO 18788, its incorporation into U.S. government procurement policy and operations, as well as insight into how to implement the standard and prepare for certification. A recording of the event as well as the Power Point slides of the speakers are available on the Human Rights in Business Program’s webpage on the Center for Human Rights & Humanitarian Law’s website, and can be found here.

Second Edition of Briefing Paper “Private Security Standards”

Security standards jpeg

The Human Analytics team is pleased to offer an updated briefing paper comparing and contrasting standards for the provision of private security services. This is the second edition of the briefing paper, “Standards for Private Security Services,” and it contains additional information related to the recently released ISO 18788: 2015 Management System for Private Security Company Operations. The paper also examines three other standards – the Voluntary Principles on Security and Human Rights, the International Code of Conduct for Private Security Service Providers, and ANSI/ASIS PSC.1-2010 Management System for Quality of Private Security Company Operations. Among the issues discussed are the origins of the standards, their relationship to each other, implementation efforts, and recent developments. A chart compares all four standards in terms of their content, scope, assurance mechanisms, and governance. The briefing paper can be downloaded for free here, and is a useful resource for understanding the evolving standards landscape for private security services.

REMINDER THIS FRIDAY – ISO 18788: The New Standard for Responsible Security Operations

ISO Webinar Flyer

REMINDER – THIS FRIDAY!

Seminar/Webinar

ISO 18788: The New Standard for Responsible Security Operations

In the wake of the global growth of the private security industry, a number of efforts have emerged to govern private security provision and ensure responsible security operations in complex environments, to include an international declaration, an international code of conduct, and an auditable national management system standard. Building on these efforts, as well as a growing international consensus about the human rights responsibilities of businesses, the new International Organization for Standardization (ISO) standard ISO 18788 Management System for Private Security Operations – Requirements with Guidance for Use details a risk management framework for the conduct of security operations. The standard is invaluable to organizations providing and contracting security services. Two years in the making, the purpose of ISO 18788 is to enable consistent provision of security services while maintaining the safety of clients and ensuring respect for human rights and national and international laws. It stands out as the first auditable ISO standard with human rights at its core. During this seminar, which is also being live-cast as a webinar, learn more about the standard, its incorporation into U.S. government procurement policy, and how to implement it and prepare for certification.

WHEN: Friday, November 20, 10:30am-12:00pm EST

WHERE: American University Washington College of Law, 4801 Massachusetts Ave., NW, Washington, D.C., Room 601 (Free shuttle service is available from the Tenleytown metro stop on the red line.)

Participation is free and open to the public.

Click here to learn more. Click here to register for the webinar. No registration is required if attending in person.

For inquiries, email the Center for Human Rights & Humanitarian Law at humlaw@wcl.american.edu

SPEAKERS:

Dr. Rebecca DeWinter-Schmitt, Director of the Center’s Human Rights in Business Program and Senior Managing Director of Human Analytics, will moderate and speak to the standards landscape around security operations, as well as the human rights provisions of ISO 18788.

Dr. Marc Siegel, Commissioner, ASIS International Global Standards, wrote the initial draft of ISO 18788 and chaired the Project Committee that developed the standard. He will provide an introduction and overview of the standard.

Colonel Christopher Mayer, U.S. Army Retired, Director of Contingency Contractor Standards and Compliance for the Department of Defense, will address the U.S. government’s support and involvement in the development of auditable standards for security operations and their incorporation into DoD operations and procurement policies.

Lisa DuBrock, Managing Partner for Radian Compliance, will speak to the steps organizations must take to implement ISO 18788 and prepare for a successful certification to the standard.

 

Seminar on ISO 18788: The New Standard for Responsible Security Operations

ISO Webinar FlyerIn the wake of the global growth of the private security industry, a number of efforts have emerged to govern private security provision and ensure responsible security operations in complex environments, to include an international declaration, an international code of conduct, and an auditable national management system standard. Building on these efforts, as well as a growing international consensus about the human rights responsibilities of businesses, the new International Organization for Standardization (ISO) standard ISO 18788 Management System for Private Security Operations – Requirements with Guidance for Use details a risk management framework for the conduct of security operations. The standard is invaluable to organizations providing and contracting security services. Two years in the making, the purpose of ISO 18788 is to enable consistent provision of security services while maintaining the safety of clients and ensuring respect for human rights and national and international laws. It stands out as the first auditable ISO standard with human rights at its core. During this seminar, which is also being live-cast as a webinar, learn more about the standard, its incorporation into U.S. government procurement policy, and how to implement it and prepare for certification.

WHEN: Friday, November 20 at 10:30am EST

WHERE: American University Washington College of Law, Room 601

Participation is free and open to the public.

Click here to learn more. Click here to register for the webinar.

For inquiries, email the Center for Human Rights & Humanitarian Law at humlaw@wcl.american.edu

SPEAKERS:

Dr. Rebecca DeWinter-Schmitt will moderate the seminar and speak to the standards landscape around security operations, as well as the human rights provisions of ISO 18788.

Rebecca is the Director of the Human Rights in Business Program at American University Washington College of Law’s Center for Human Rights & Humanitarian and the Senior Managing Director of Human Analytics. She has been involved in various efforts to set standards for security services and chaired the ISO U.S. Technical Advisory Group that participated in the drafting of ISO 18788.

Dr. Marc Siegel, who wrote the initial draft of ISO 18788 and chaired the Project Committee that developed the standard, will provide an introduction and overview of the standard.

Marc is the Commissioner heading the ASIS International Global Standards Initiative developing international and national risk management, resilience, security, and supply chain standards, and provides training on their implementation. Marc chaired the technical committees and working groups for the series of ANSI standards developed for private security service providers to demonstrate accountability to business and risk management requirements while meeting legal obligations and respecting human rights. Marc served as Chairman of ISO/PC284 which developed ISO 18788.

Colonel Christopher Mayer, U.S. Army Retired will address the U.S. government’s support and involvement in the development of auditable standards for security operations and their incorporation into DoD operations and procurement policies.

Chris is the Director of Contingency Contractor Standards and Compliance for the Department of Defense, responsible for policy and Department-level oversight of private security contractors (PSCs). He is DoD Program Manager for PSC standards and U.S. government technical advisor to the International Code of Conduct for PSCs. His portfolio includes human rights and anti-human trafficking policy in U.S. contingency contracting. He represented the U.S. government in the Montreux Document process.

Lisa DuBrock will speak to the steps organizations must take to implement ISO 18788 and prepare for a successful certification to the standard.

Lisa is a Managing Partner for Radian Compliance, LLC where she specializes in design and implementation for her clients of management system standards. Lisa sits on the ASIS Standards and Guidelines Commission developing American National Standards.  She has been instrumental in developing standards supporting private security companies, business continuity and organizational resilience, and was an active member of the ISO U.S. Technical Advisory Group that developed ISO 18788.

Upcoming Workshop on new ISO 18788 Management System for Private Security Operations

Join Radian Compliance and Human Analytics on Tuesday, November 3, 2015 in Hampton Roads, VA for the DoD – Procurement Technical Assistance Program training on the recently released international standard, ISO 18788 Management System for Private Security Operations. If you are a private security company working for the DoD, DoS, or a commercial entity, this new ISO standard is relevant to you. Supported by the DoD, the purpose of this new standard is to enable consistent provision of security services while maintaining the safety of clients and ensuring respect for human rights and national and international laws in circumstances where the rule of law has been weakened due to human or natural events. ISO 18788 builds on ANSI/ASIS PSC.1 Management System for Quality of Private Security Company Operations.

This 3 hour session runs from 1pm-4pm and presents an overview of ANSI/ASIS PCS.1 as well as ISO 18788. Learn the requirements of the standards. Gain an understanding of how to implement a risk management framework and a human rights impact analysis, both requirements of the standards. Advice will be shared on which standard to adopt and whether to comply of conform to that standard.

In addition to the ISO 18788 workshop, a morning workshop will cover the recently revised and released ISO 9001: 2015 Quality Management Systems. This standard is at the heart of most organizations that want to drive value and quality processes to its customers. The workshop will review the certification and implementation requirements of a quality management system, and will examine how ISO 9001:2015 can integrate with other ISO systems along with supply chain requirements, including those of the Federal Government. With the September 23rd release of the updated standard, this session will also review the changes from the 2008 version. This class is appropriate for those both new to and experienced with ISO 9001. Many PSCs that seek certification to ANSI/ASIS PSC.1 and ISO 18788 also gain ISO 9001 certification in the process.

The workshops cost $75, the proceeds of which go to George Mason University. To register for the workshops visit http://virginiaptap.org/calendar/   On the ‘Center’ Line select Hampton Roads for information and registration.

International Code of Conduct Association Reviews the Past Year and Maps Road Ahead

The International Code of Conduct Association (ICoCA) held its Annual General Assembly meeting on October 8 in Geneva. The ICoCA, established in September 2013, governs and oversees implementation of the International Code of Conduct for Private Security Service Providers and promotes the responsible provision of security services in line with the human rights and humanitarian law commitments laid out in the Code. As was the case at last year’s General Assembly, the Swiss-based multi-stakeholder initiative brought together its members from private security companies (PSCs), civil society organizations, and governments as well as observers to review the achievements of the previous year, discuss remaining challenges, and map next steps. Human Analytics participates as an observer to the ICoCA.

The Secretariat provided an Annual Report for 2014-2015 and addressed progress made to date in key areas. What follows are some highlights from the meeting. With regard to governance, the Secretariat has continued to grow in size and currently has a five person staff. Tasked with, among other things, administering the day to day business operations, overseeing the membership application process, administering the certification procedure, and providing support to the Board as it develops additional procedures, the Secretariat expects to add new staff when the monitoring and complaint procedures are completed. The ICoCA’s twelve member Board has created committees and working groups to assist it with its work, to include growing the size of the Article 12 Development Working Group, which is currently developing the monitoring, reporting and performance assessment procedure.

With the certification procedure recently completed and ANSI/ASIS PSC.1 recognized as the first national standard to serve as a basis for ICoCA certification, the Board is now focusing to monitoring adherence to the Code, one of the core functions of the ICoCA. With financial support from the U.S. government, as a first step the Article 12 Development Working Group is developing performance benchmarks based on the Code. The benchmarks will serve as objective criteria for assessing performance, shape the reporting requirements, and guide the Secretariat and Board’s efforts to monitor member companies remotely and in the field. A few industry members expressed concerns that any requirements under Article 12 must not be duplicative of steps already taken to gain certification to ANSI/ASIS PSC.1. If the time needed to develop the certification procedure is any indication, it will be awhile before stakeholders reach consensus on the procedure for monitoring, reporting, and performance assessment. From the perspective of many civil society organizations, this procedure is core to the ICoCA’s ability to assess the actual impact of security operations on local populations’ human rights. The complaint process will also prove essential to identifying negative human rights impacts, and the Board’s Complaint Process Development Working Group is currently undertaking a comparative study of existing complaints and grievance mechanisms to inform its work.

In addition, the ICoCA is currently piloting ICoCA certification and plans to develop guidelines to assist member PSCs through that process, in particular with regard to the additional human rights related information they must submit. The Board’s Certification Committee, with the new certification procedure and analytical matrix to assess new standards in hand, is completing its review of the maritime security standard ISO 28007-1. This is an important development for maritime security providers, who initially signed on the Code in large numbers. The next standard to be reviewed will be the new ISO 18788. The Secretariat indicated that since ISO 18788 builds on the already recognized ANSI/ASIS PSC.1, there is no reason to believe that the Board would not also recognize ISO 18788 in a time frame that would comport with the first certification bodies becoming accredited to certify to it.

Perhaps somewhat more unexpectedly, a proposal was made by a Swiss company to examine the suitability of the generic ISO 9001 quality management standard for certification to the ICoCA. The request is likely linked to Switzerland’s new law that requires membership in the ICoCA for companies based in Switzerland providing security services overseas or who support the provision of those services, as well as PSCs providing contracted security services to Swiss government agencies overseas and holding companies headquartered in Switzerland with control over PSCs operating overseas. The law’s expansive definition of security services does not match that of the Code which, among other things, has created some implementation challenges. The proposal met opposition, with some fearing that the ubiquitous ISO 9001 certification might result in a watering down of the Code’s requirements, as well as support, with some advocating a pragmatic, stepped entry into the ICoCA for both small and medium sized and non-U.S. and UK PSCs, for whom certification to ANSI/ASIS PSC.1 may not be as readily attainable. The Secretariat committed to examining the factual basis for concerns that certification to PSC.1, and ultimately ICoCA certification, is inaccessible to some PSCs interested in becoming members. The Secretariat stated that it does not want to exclude PSCs committed to the Code based on commercial considerations.

During break-out sessions of the individual pillars and observers, the industry pillar of the ICoCA voted in a new representative, and announced shortly thereafter that Pamela Hosein would join the Board. Ms. Hosein’s company is based in Trinidad & Tobago, and her election to the Board represents an important step in diversifying the Board to reflect the global make-up of member companies. One challenge identified during the meeting was broadening the ICoCA’s membership to include non-U.S. and UK companies. Currently, of the 88 member PSCs, 23 are home in the UK and 15 in the U.S. The remaining 50 PSCs are based in 29 different countries, with the UAE, Pakistan, and Cyprus being the only countries home to 5 or more member PSCs. However, the greatest growth in membership comes from PSCs headquartered outside of the U.S. and UK, and the Secretariat reported that two new applications are pending review and 34 are in process. An uptick in PSC membership should thus occur soon, as the application processing time has been reduced to two weeks.

The civil society pillar has also increased its global diversity, with the 13 civil society organizations at home on four different continents. Unfortunately, the government pillar’s six members (U.S., UK, Switzerland, Sweden, Australia, and Norway) are less geographically diverse. However, there is hope that the recently established Montreux Document Forum, with its 52 governments who have expressed support for the Montreux Document, might serve as a conduit for involving more countries in the ICoCA. The Montreux Document Forum has established an ICoCA Working Group that will liaise with the ICoCA. On a positive note, five of the governments currently participating in the ICoCA recognize in some fashion the importance of adherence to the Code in their regulations and procurement policies. With the Secretariat’s efforts to reach out to other non-state clients of the industry, such as extractive companies via its plans to join the Voluntary Principles on Security and Human Rights as an observer, one can expect continued growing interest among clients of the security industry in the verifiable provision of responsible security services.

Update: Further Progress Made in Finalizing Certification to ICoCA Using PSC.1

In a previous blog post, ICoCA Releases Draft Certification Procedure for Vote by Members, Human Analytics described the process by which a national or international standard is considered for approval by the International Code of Conduct Association (ICoCA) as the pathway for a private security company (PSC) to gain ICoCA certification. To be approved a standard must be consistent with the principles of the International Code of Conduct for Private Security Service Providers (ICoC). Where there are inconsistencies between a standard and the ICoC, the ICoCA can request additional human rights and humanitarian law related information from member PSCs in order to assess whether their systems and policies meet the requirements of the ICoC. On July 3, the ICoCA Secretariat announced that the General Assembly approved the Certification Procedure with no dissenting votes and 65%+ participation in the vote by members from all three pillars – governments, PSCs, and civil society organizations.

With the Certification Procedure now in place, the Secretariat is undertaking the next step of assessing whether certification of a PSC to PSC.1 – shorthand for the ANSI/ASIS PSC.1-2012: Management System for Quality of Private Security Company Operations – meets the requirements of the ICoC. To that end the ICoCA Secretariat has circulated a Draft ICoCA Recognition Statement for ANSI/ASIS PSC.1 – 2012 along with Annex A: Draft Analysis of ANSI/ASIS PSC.1-2012 against the ICoCA Certification Assessment Framework and Annex B: Draft Certification Additional Information Requirement for PSC.1. These documents are now open for public comment. Compiled comments will be posted to the ICoCA website once the comment period ends on August 24. Thereafter, the Board will review the comments and will vote whether to accept the standard and publish a Recognition Statement for PSC.1. If accepted, the ICoCA will begin processing requests for ICoCA certification beginning in early October. Under the Articles of Association, member PSCs must obtain ICoCA certification within one year of the release of the Certification Procedure, which would be July 2016.

Human Analytics, as an Observer to the ICoCA, submitted the following comment to the Secretariat:

“Human Analytics, as an Observer to the International Code of Conduct Association, welcomes the progress that has been made in approving a Certification Procedure and releasing a Draft ICoCA Recognition Statement for ANSI/ASIS PSC.1 – 2012 and accompanying Draft Annexes. This represents an important step forward in enabling the ICoCA to exercise its governance and oversight functions. Furthermore, Human Analytics is pleased to see that the ICoCA recognizes the importance of harmonizing the International Code of Conduct with recently developed and emerging national and international standards applicable to the private security industry, in particular the UN Guiding Principles on Business and Human Rights and the ISO 18788 Management System for Private Security Operations – Requirements with Guidance.

The Annex A: Draft Analysis of ANSI/ASIS PSC.1-2012 against the ICoCA Certification Assessment Framework is a valuable document for clarifying where the ICoCA sees a limited number of inconsistencies between the ICoC and PSC.1, which informed the additional information requirements laid out in Annex B. However, when undertaking such comparisons, it is useful to bear in mind the nature of the two documents and their inter-relationship. The drafters of PSC.1 saw the standard’s purpose in the operationalization for implementing PSCs of the human rights and humanitarian law principles and commitments detailed in the ICoC through a risk and quality assurance management system process. In other words, PSC.1 turns the principles of the ICoC into business practice standards.

Furthermore, the Montreux Document and the ICoC form the normative foundations of PSC.1. This has a number of implications. When PSCs establish the framework for their management system, as detailed in section 5.1 of PSC.1, the management system “shall incorporate and adopt the legal obligations and recommended good practices of the Montreux Document relevant to PSCs and the guiding principles of the ICoC.” In other words, all requirements of the ICoC must be met for a company to be certified as in conformance with PSC.1. According to accredited certification bodies, audits are undertaken with PSC.1 as well as the ICoC in hand.

Finally, the provisions contained in the Guidance, while reflecting “should” rather than “shall” statements, are nonetheless significant both for PSCs and their auditors. For PSCs, the Guidance provides further information on how to interpret and understand the standards’ requirements, as well as additional detail on possible means to tailor implementation of those requirements to a particular company’s operating context. For auditors, the Guidance offers additional information not only on how to interpret the requirements, but also on what to look for when gathering evidence of conformance.

The most significant identified inconsistency between the two documents is with regard to the Human Rights Risk and Impact Assessment (HRRIA). While technically not a term appearing in either the ICoC or PSC.1, the ICoCA has rightfully identified an adequate HRRIA process as essential to identifying, preventing, mitigating, and addressing human rights risks linked to security operations. A HRRIA requirement is also an important step toward harmonizing the ICoC with emerging national and international consensus on the type of human rights due diligence any company should undertake, and in particular when operating in complex environments.

However, Human Analytics has some concerns with regard to the HRRIA checklist. First, it is unclear how the Secretariat will evaluate a written risk assessment model or process against this checklist. What is proposed here would appear to amount to a desk-based review of a company’s self-reported policies and may not provide a fuller view of what actually happens in practice. Second, the substantive questions relating to internal controls and policies and prohibitions contained in the ICoC amount to a restatement of the ICoC’s key provisions formulated as a list of questions on whether or not the HRRIA considered these provisions. Checklists lend themselves to tick the box exercises.

HRRIAs are a relatively new tool for identifying and managing human rights risks, and to date there has been limited standardization and agreement on best practice. Therefore, in keeping with Article 12.4 of the Articles of Association, which states that the ICoCA shall promote industry best practices, the ICoCA could help advance rights-respecting conduct of PSCs by supporting the development of sound HRRIA processes and tools specifically geared toward the needs of the private security industry and the rights-holders and other stakeholders affected by its activities. In developing such tools, the ICoCA could consider drawing on the expertise not only of its member PSCs, who have already undergone PSC.1 certification, but also of other companies in other sectors operating in complex environments, who have undertaken HRRIAs, as well as the various organizations – legal, academic, consulting, and not-for-profit – that have substantive knowledge of and first-hand experience with conducting HRRIAs.”

Updated Toolkit “Addressing Security and Human Rights Challenges in Complex Environments” Now Available

ICRC-DCAF-Toolkit1Recently the Geneva Centre for the Democratic Control of Armed Forces (DCAF) and the International Committee of the Red Cross (ICRC) announced an updated, second version of their Toolkit, Addressing Security and Human Rights Challenges in Complex Environments. Human Analytics posted on the first version, which was released a year ago. In a press release, DCAF and ICRC describe the Toolkit as a “guidance document structured around real-life security and human rights challenges faced by companies operating in complex environments.” It identifies operational challenges and provides good practices and recommendations to address them, as well as practical tools, such as checklists and case studies. Based on extensive desk- and field-research and interviews, the Toolkit can be of use to both field and headquarter personnel and is user-friendly. Users need not necessarily read through the entire Toolkit, but rather can click on a particular challenge they face, whereupon they will be linked to the page with recommended good practices to address that challenge.

In addition to chapter updates on working with host governments and public security forces, readers of this blog may be particularly interested in a new third chapter, Working with private security forces. That chapter identifies ten distinct challenges that companies may face when working with private security forces, namely in the areas of risk and impact assessment, labor standards, local procurement, vetting, training, relationship between public and private security, security equipment and use of force, oversight and accountability, and human rights abuses.

Each of these challenges is further elaborated. To take one example, under the heading “bids and contracts” additional challenges include that “companies may find it difficult to properly assess quality and cost considerations when selecting private security providers;” “human rights responsibilities and potential liabilities of both the company and the PSP [private security provider] may not be clear;” and “in the absence of implementation guidance, PSPs may not fully perform according to international standards, despite their inclusion in contracts.” Good practices to address each challenge are detailed. For example in the case of the latter, they include recommendations such as developing policies, procedures, and guidelines defining the roles and responsibilities of PSPs; ensuring the PSPs understand the performance objectives detailed in the contract related to respect for national and international laws; complementing training provided by the PSPs to its personnel as needed; conducting regular performance evaluations and meeting with the PSP’s management to review findings; and developing options to address non-conformance of the PSP with contract requirements. Each good practice is described in greater detail, with references and links to key relevant provisions in guidance documents provided. Many of these guidance documents will be well-known to security providers, such as the International Code of Conduct for Private Security Service Providers, ANSI/ASIS PSC.1, the Montreux Document, the Voluntary Principles on Security and Human Rights, and the UN Guiding Principles on Business and Human Rights. Others may be a bit less familiar to private security providers, but nevertheless contain invaluable guidance. All of these documents are available in full under the General Guidance section of the website housing the Toolkit.

The Toolkit is embedded in a larger Security and Human Rights Knowledge Hub. Among other things, the Hub collects policy frameworks, guidance documents, case studies, and tools that support companies addressing the challenges of operating in complex environments. In particular, the Hub supports companies seeking to implement the Voluntary Principles on Security and Human Rights, to which DCAF and ICRC are official observers. However, the Hub is also meant to be a resource to other companies, beyond the extractives industry, which work in complex environments, as well as the public and private stakeholders with whom they engage. The Knowledge and Toolkit are living products to be updated regularly. Users are encouraged to comment and contribute information and materials to both.

Steps to Implement the Private Security Company Quality and Risk Management Standard

Recently ANSI published a new management system standard formally titled Management System for Quality of Private Security Company Operations – Requirements with Guidance (PSC.1).  This standard has also been the basis to develop an International Standard ISO 18788 Management system for private security operations – Requirements with guidance to be published later in 2015.  Many companies ask what do I need to do to implement the standard?  The very first question to answer is does my company/organization want to comply with the standard or conform to the standard?  Compliance versus conformity, what does that mean?  If an organization elects not to get certified, they have decided to comply with a standard and in many instances may self-declare their compliance.  Should an organization decide to get certified by an accredited third party, they will participate in a conformity assessment to a standard.

Another question that is frequently asked about in becoming PSC.1 or ISO 18788 certified is how does my company get certified?  The question that should be asked before that is: Should my company get certified?  There are reasons to get certified (from supply chain requirements, to competition) and even some reasons not to (for example, your organization may not have a driving need to get certified, and the one most frequently cited reason, but not necessarily correct, it’s too expensive).

In general, the question to ask the organization is why do all the work and not get your certificate?  The remainder of this article is a series of ten steps for an organization to take to get certified.  Only two of the steps can be eliminated if an organization has decided to comply with a standard.

Steps to Implement either PSC.1 or ISO 18788

1. Pick a standard – There are currently 2 options: ISO 18788 (not yet published) and ANSI/ASIS PSC.1:2012.  As previously stated, ISO 18788 builds on the PSC.1 standard.

How does an organization go about picking a standard? Can an organization pick and choose between the various standards? These are frequently asked questions. First some clarification.  You may certify to multiple standards, but you cannot take pieces from each standard to get a certification.  The certification is per standard.   It is important to note that it is probable that if you get certified to PSC.1 you will be grandfathered into ISO 18788 through the requirements of an upgrade audit.

In some instances due to the very different requirements of a business, multiple certificates may work best.  If the organization chooses multiple certificates, it must submit to multiple certification audits for each identified certificate.  One example may be that the corporate functions might wish to obtain one certificate, while the organization decides that each diverse geographic area is covered under a different certification.

2. Set a scope – Once an organization has picked a standard, the next most important thing for the organization to accomplish is to set a scope for its system. This is typically a formal scope statement that becomes part of the Private Security Company Management System Policy.   This scope statement may be defined with various boundaries, including geographic, business line, and business function.

Important to defining the scope is that senior management must agree to the scope and it needs to make sense for the organization.  In some organizations, the scope has been defined geographically, in others it includes the entire organization.  Limiting the scope can allow for a proof of concept approach to ease the roll out of the management system.  Management systems have very specific requirements, and for an organization new the implementing an ISO type management system, these requirements may be a little difficult to understand and implement company wide.

A frequent complaint I hear as a consultant is, “Of course we have a management system in place, we made XXX dollars last year.”  I commend these organizations; unfortunately for many of those organizations they don’t necessarily have an ISO type “management system” in place.

An ISO management system works on the premise of Plan-Do-Check-Act with a continual improvement cycle driven by management accountability.

Also key to implementing either PSC.1 or ISO 18788 are human rights.  In fact human rights are mentioned 133 times in the PSC.1 standard.  Keep in mind that to successfully implement this type of system, a human rights risk assessment and demonstrated training must be developed and rolled out.

3. Perform a self or pre-assessment – This type of review is specifically against the standard that the organization has adopted. A self-assessment may be performed either by the organization or a competent consultant.  A pre-assessment is a term specifically used by a registrar (also known as a certification body) and is performed prior to a registration conformance assessment.  In both cases gaps to the standard are identified.  In the case of a self-assessment remediation plan suggestions may also be included.

4. Close the gaps – There may be some gaps defined as an output from the gap assessment. These gaps can be sorted into two types of areas, management system gaps or security operations and human rights discipline gaps.

  1. Management System Gaps – These are gaps that are standard to any management system. A management system follows not only the Plan-Do-Check-Act lifecycle, but also has a number of common elements.  Management commitment, resources and training, management review, internal audit, and continual improvement are present in all management systems.  Setting a scope and, in most cases, measurable objectives are also requirements.
  2. Security and Human Rights Discipline Gaps – These are the types of gaps that management would be most familiar with. They would include gaps to a Security and Human Rights Risk Assessment, internal and external communication processes, outsourced vendor management, prevention and management of undesirable or disruptive events, and operational controls.

The standard you select will dictate to you the requirements of your management system via what is termed ‘shall’ statements.  As in most management systems if the statement includes the word ‘shall’ then a policy, procedure, or process needs to be implemented to support that requirement.

5. Select a registrar – This is the first area where compliance and conformity to a standard diverge. If you are looking for compliance, you don’t need to select a registrar.  If you want to be certified as being in conformity you will need to select a registrar.  Due diligence is required.  As of the publication date of this article, there were two registrars that have been designated as PSC.1 accredited registrars.  Both of the registrars are accredited under the United Kingdom Accreditation Service (UKAS) and they can be found here.  When selecting a registrar ask for the resume of the auditor you will be dealing with.  It is not the sales person, but rather the auditor who will be communicating with you over a three year period.  If your organization has other management system certifications like ISO 9001 or ISO 14000, contact the management representative in your organization for those standards and ask them for assistance.

6. Provide training – Competence of personnel within the management system is required by most of the standards, including not just competence with the functions of the organization, but also with the standard you selected. For these particular standards human rights training is also a must.  An awareness training class should be considered for all members directly supporting the private security management system and for key interested parties.

7. Operate your system – Conformity to a standard is much more than creating documentation. Both of the standards require operating the system, or a ‘do’ phase.  This is the process where evidence is collected over a period of time.  This evidence shows an auditor that you are in fact operating within your management system.  This includes such things as management review minutes, internal audit reports, proof of updates to security and human risks risk assessments, training, and communication and preventative management of undesirable events.

8. Conduct an internal audit – An internal audit is part of every management system standard. An internal audit should be conducted annually.  It is a little different from typical internal audits which are mainly based on financial, operational, and/or system internal controls.  This internal audit is against the standard.  Issues or gaps that are noted during an internal audit are typically considered non-conformities and are brought forward as part of the management review process and the continual improvement process. 

If you are seeking certification, you will need an internal audit conducted prior to your Stage 1 and your Stage 2 registration audit.

9. Certification path – This is the second area that is not required if the organization is seeking compliance to a standard. However if you are seeking certification or conformity to a Private Security Company standard, this is your path to certification.

  1. Stage 1a documentation review. This is a review by your registrar auditor to determine that you have all the required documents in place and that the elements of the standard are present in these documents.
  2. Stage 2 – an effectiveness review. This is a conformity assessment against the operation of your organization’s management system.  In order to be successful with this review you will need to show evidence that you are operating according to your processes developed for step seven above.  Upon successful completion of this review, you will be recommended for certification.
  3. Certification – Typically between 4-8 weeks after your successful completion of your Stage 2 audit, you will receive a certificate of certification. This certificate will include your agreed to scope statement as you defined in step two above.

10. Improve your system – Just as your current security and human rights processes are not stagnant, your management system will also not be stagnant. Throughout your certification period you will be identifying areas for improvement, upgrading your system, and conducting internal audits and management reviews.  Continual improvement is really what a great management system is about.

Your certification is good for three years and during this time your registration auditor will visit you no less than annually and will be reviewing certain elements of your system against the standard.  Keep in mind that if your certification supports many geographic locations, the audits will be conducted in those locations.  At the end of the three years, you receive a re-certification audit and the three year cycle continues.

Should you decide to follow eight steps to compliance or ten steps to conformity your adherence to a standard will provide your organization with more maturity to your program.

Radian Compliance, LLC www.radiancompliance.com provides Governance, Risk and Compliance services with offices in Chicago, IL and Washington, DC.  We guide our clients to the best processes and solutions enabling them to make sound operational, security, and human rights decisions to meet and exceed the requirements of management system based standards.  Radian Compliance works in an advisory role to ensure the organization has the education and tools to continue managing their compliance requirements beyond our engagements.

Lisa DuBrock, CPA, CBCP, MBCI, ldubrock@radiancompliance.com is a Managing Partner for Radian Compliance, LLC where she specializes in implementing Private Security Company Management System standards as well as Information Security standards for her clients.  She is a commission member of ASIS International’s Standards and Guidelines Commission and a member of the ISO 18788 US-TAG.  Lisa is a university lecturer and international speaker on the benefits of implementing standards.  She welcomes and will respond to any specific questions you may have on the Standards discussed in this article.

 

Swiss Law on Private Security Companies Contributes to Protection of Human Rights

On June 24, the Swiss government published a detailed decree relating to the Swiss law on Private Security Companies (PSCs) and announced that it will go into effect on September 1, 2015. The Swiss government, through its Federal Department of Foreign Affairs (FDFA), has taken the lead in fostering international consensus on regulation for PSCs through its two-part Swiss Initiative. Phase one, carried out in conjunction with the International Committee of the Red Cross, was an effort to create a non-binding declaration directed at states that contract with PSCs and are home to them, as well as the territorial states where they operate. The resulting Montreux Document, released in September 2008, recalls the existing international humanitarian and human rights law obligations of states with regards to the activities of private military and security companies during armed conflict, and elaborates good practices to assist states in meeting those obligations. Phase two of the Swiss Initiative focused on developing an international code of conduct and accompanying governance and oversight mechanism for the private security industry. Released in November 2010, the International Code of Conduct for Private Security Service Providers (ICoC) details human rights-based principles for the responsible provision of security services in complex environments. The multi-stakeholder governed International Code of Conduct Association (ICoCA), launched in September 2013, ensures implementation of, and accountability to, the ICoC.

The Swiss Federal Council’s decree details provisions to bring the 2013 law into full effect, and reflects the national manifestation of its international efforts. The law was passed to help ensure Swiss security and neutrality as well as respect for human rights. It applies to companies based in Switzerland providing security services overseas or who support the provision of those services, as well as Swiss government agencies contracting private security overseas and holding companies headquartered in Switzerland with control over PSCs operating overseas.

Key provisions of the law include the following:

  • PSCs headquartered in Switzerland may not participate in offensive operations during armed conflict.
  • PSCs must be members of the ICoCA.
  • Services that could result in severe human rights abuses are forbidden. For example, prison services cannot be provided in countries where it is known that torture occurs regularly at those facilities.
  • PSCs that wish to provide security services in complex environments, to include the protection of people, property, goods, as well as check point and prison services, must register with the Political Directorate of the FDFA. The FDFA will decide within a 14 day span whether the services are routine and acceptable, require additional investigation, or should be forbidden because they run counter to the intent of the law. Expedited registration is possible for services provided in an emergency situation.
  • Among the information required at time of registration is the types of services to be provided and clients, operating environments, weapons to be used, number of personnel and personal information of armed personnel, screening of personnel, expected risks, and trainings, including on human rights and humanitarian law.
  • The Federal Council has set minimal contractual requirements for PSCs working with Swiss government agencies, including reporting on the status of service provision, the identity of personnel, who can be replaced if they threaten delivery of contractually required services, notification of the contracting agency of any situation that may affect fulfillment of the contract, and notification of any incidents involving use of force. A sample contract containing these minimal requirements is available.

 

The enforcement of the law foresees measures such as empowering the FDFA to carry out, under certain conditions, unannounced inspections of the offices of PSCs, to include examination of their files. Failure to comply with the law can result in prison sentences of up to three years and fines.

Relevant Op-ed: Military security contractors get PTSD, too

Human Analytics Advisory Board member Molly Dunigan has written a timely and relevant op-ed in USA Today discussing the prevalence and possible impacts of post traumatic distress disorder (PTSD) in private security contractors. Her research has shown that there are higher rates of PTSD among security contractors relative to civilians and military personnel. She recommends that security companies and their public and private sector clients work together to implement appropriate mental screening before sending security providers into the field, ongoing screening during and after deployment, and destigmatizing and providing effective mental health treatment. Her op-ed is available here635694704373942888-NISOOR-CAR

ICoCA Releases Draft Certification Procedure for Vote by Members

The International Code of Conduct Association (ICoCA) has released its draft Certification Principles and Procedure for vote by the members of its General Assembly from the private security industry, civil society, and government pillars. When the vote is finalized by June 29, and assuming the Certification Procedure is approved by a majority of each pillar, this will represent an important step for the ICoCA in executing its role as an oversight authority overseeing implementation of the International Code of Conduct (ICoC). The ICoC was completed in 2010 and lays out a set of human rights and humanitarian law principles regarding the conduct of private security company personnel as well as commitments regarding management and governance.

The certification procedure was a long time in the making as Board representatives from the three pillars and the ICoCA Secretariat worked with each other to find consensus in particular with regard to the ICoCA’s position on certification to PSC.1 – short hand for the ANSI/ASIS PSC.1-2012 Management System for Quality of Private Security Company Operations. However, this vote does not fully address that issue at this time, but rather seeks approval for the process to assess any national or international standard presented to the ICoCA for consideration. As laid out in Article 11.2.1 of the ICoCA Articles of Association:

“The Board shall define the certification requirements based on national or international standards and processes that are recognized by the Board as consistent with the Code and specifying any additional information relevant to the human rights and humanitarian impact of operations it deems necessary for assessing whether a company’s systems and policies meet the requirements of the Code and its readiness to participate in the Association”

The draft Certification Procedure lays out the process the Certification Committee will undertake before the Board decides whether to recognize a standard:

Step 1:

A Member can submit any standard related to security operations as a potential pathway to certification.

Step 2:

If a standard is accepted for consideration, the Committee will evaluate the content of the standard against the ICoC as well as the process by which a company is certified. A draft Certification Assessment Framework for purposes of such an analysis was also released, with the full analysis of PSC.1 to follow at a later date. The Framework is not subject to vote. Whatever gaps the assessment reveals can serve as the basis for defining the “additional information relevant to the human rights and humanitarian impact of operations.” A draft Certification Additional Information Requirement for PSC.1 reveals where consensus has emerged about what that additional information likely will be for PSC.1, although the document will not be finalized until after the vote on the Certification Procedure is completed. In its current form companies will need to provide:

  • The certificate with the scope of their certification by an accredited certification body.
  • Any non-conformities identified in the certification report.
  • Their corrective action plans to address those non-conformities.
  • Their Human Rights Risk and Impact Assessment (HRRIA) model or process.
  • A range of documents with regards to subcontractors’ uptake of the ICoC’s commitments, screening and vetting of personnel, anti-discrimination policies, and competency reviews and training of personnel.

With regard to the HRRIA, a draft HRRIA assessment framework was also released. It contains a series of Yes/No questions and requests to evidence references in company policies. It is divided up between process questions – regarding the frequency of HRRIAs, the involvement of relevant internal and external stakeholders, and implementation of HRRIA findings – and a series of substantive questions relating to internal controls and policies and specific human rights provisions of the ICoC. The HRRIA assessment framework is an effort to assess whether a company’s HRRIA covers many of the commitments laid out in the ICoC with regard to conduct of personnel, human rights, and management and governance. The framework will also be finalized at a later date; however, at this point it is unclear what benchmarks the ICoCA will use to determine the acceptability of answers and how it will assess the accuracy of information submitted.

Step 3:

If a standard is deemed to be consistent with the ICoC, the Committee will draft a Recognition Statement which will include the additional information identified by the Committee based on the Assessment Framework. The draft statement will be made available for public comment.

Step 4:

After considering the comments, the Board will decide whether to accept the standard and publish a Recognition Statement. One consideration that may factor into whether a standard is consistent with the ICoC is “practical considerations relating to the ability of the ICoCA to effectively assess the Additional Information associated with a standard.” It will soon be seen whether this consideration is an issue in the assessment of the ISO 28007-1: 2015 Ships and marine Technology: Guidelines for Private Maritime Security Companies (PMSC) providing privately contracted armed security personnel (PCASP) on board ships (and pro forma contract), which is the next standard the ICoCA will analyze. As we argued before, that standard still has some significant human rights shortcomings which will surely generate a good bit of information for the ICoCA.

Step 5:

After a Recognition Statement has been released, member companies can seek ICoCA certification by evidencing certification to the recognized standard by an independent, accredited certification body. A company will provide to the Secretariat the certificate and the additional information detailed in the Recognition Statement, and the Secretariat will review the materials and make a recommendation to the Board whether to approve a company for ICoCA certification. If the Secretariat has concerns about a member company’s ability to gain approval, it can engage that company in discussions to clarify what additional steps and information may be needed to gain approval. Prior to casting its vote the Board can request the Secretariat to elicit additional information from a company, if it deems this necessary to its ability to cast a vote on ICoCA certification.

If all goes well, and the Board votes to grant ICoCA certification to a company, that certification will have the same scope as the certification provided by the independent, accredited certification body. ICoCA certifications will be valid for a period of three years, as is the case for certification to PSC.1. In keeping with its role to foster industry best practices, the Secretariat can provide companies Advisory Comments to assist them with ICoC implementation.

The finalization of the certification procedure is a big step forward in ensuring governance and oversight of the ICoC. While the road ahead is still long, with the ICoCA tackling monitoring and reporting procedures as its next task, relative to other industries operating in complex environments, the private security industry is demonstrating that it is willing to actually subject itself to audits and evidence that it is implementing human rights standards.

New ISO Standard for Private Maritime Security Companies Reflects Some Progress on Human Rights

In a previous Human Rights in Complex Environments blog, we argued that the ISO/PAS 28007:2012 Ships and marine technology – Guidelines for Private Maritime Security Companies (PMSC) providing privately contracted armed security personnel (PCASP) on board ships (and pro forma contract) – ISO/PAS 28007 in short – could not be described as a “security and human rights” standard. At the time, the Publicly Available Specification was being developed into a full ISO standard. That standard, ISO 28007-1: 2015, is now completed and available. While some improvements have been made in terms of clarifying the human rights responsibilities of PMSCs providing armed security on board ships, shortcomings remain.

What ISO-28007-1 is and is not

ISO 28007-1 suffers from a bit of an identity crisis. It is a set of informative guidelines for organizations implementing ISO 28000: Specification for security management systems for the supply chain. In other words, it is additional guidance for organizations wanting to assure security in their supply chains, which is different from the management of private security operations and the responsible provision of armed security services – something that standards like ANSI/ASIS PSC.1:2012 Management system for quality of private security company operations – Requirements with guidance (PSC.1) and its accompanying guidance specific to private maritime security, ANSI/ASIS PSC.4-2013: Quality Assurance and Security Management for Maritime Private Security Companies – Guidance (PSC.4), do explicitly address. While the Introduction to ISO 28007-1 states that, “[i]n effect, ISO 28000 is a risk-based quality management system for the security of operations and activities conducted by organizations,” in reality ISO 28000 is not a quality management system and the word quality appears nowhere in the main body of ISO 28000.

Furthermore, it should be noted that ISO 28007-1 is specific to the provision of security services on board ships. The evolving industry is largely unaddressed by the standard, and it does not cover newer activities, such as offshore installation protection, littoral work, and seismic survey work, which are more likely to put PMSCs in a position where human rights might become an issue.

Improved human rights provisions

As noted in our previous blog, human rights were almost wholly absent from the ISO/PAS 28007. The Universal Declaration of Human Rights (UDHR) was not listed as an informative document in the bibliography, and in the entire standard human rights were only correctly referenced twice: once in conjunction with health and safety stating that the organization should have guidelines for disciplinary offenses involving human rights abuses, and the second time to state that the organization should develop procedures to identify applicable international law to include human rights obligations. While the UDHR still is not referenced in the bibliography and the term international human rights law appears nowhere in the ISO 28007-1, the Introduction now explicitly references the UN Guiding Principles on Business and Human Rights (UNGPs), which reflect the current international norm for responsible business conduct with relation to the human rights impacts of companies. Specifically, the Introduction states: “Organisations seeking to be certified to this International Standard should respect the human rights of those affected by the organisations [sic] operations within the scope of this International Standard, including by conforming with relevant legal and regulatory obligations and the UN Guiding Principles on Business and Human Rights.” This is a marked improvement over the ISO/PAS 28007. However, choosing to reference the UNGPs only in the Introduction and not integrating them and elaborating on their relevant provisions in the main body of the guidance weakens the expectation that companies conform to the UNGPs. The drafters could have cited the UNGPs as a normative reference, as was done with the ISO 18788 Management system for private security operations – which is the international standard based on PSC.1 – but that path was not taken. Furthermore, the definition provided of the UNGPs is incomplete and only discusses the human rights responsibilities of companies, i.e. Pillar II, and not the accompanying human rights obligations of States and the need for both States and companies to provide effective access to remedy for victims of human rights abuses linked to economic activities.

That being said, referencing the UNGPs is not the only improvement in the ISO 28007-1’s human rights provisions. Noteworthy are the following additions:

  • The term stakeholders is now used and impacted communities have been added as a relevant stakeholder.
  • As part of the risk assessment process, organizations are advised to carry out meaningful consultation with relevant stakeholders, including those directly affected by their operations.
  • Organizations should have a human rights policy, alongside a Code of Ethics.
  • In addition to minimum age requirements for PCASPs, there is also now a commitment not to employ child labor and referencing of relevant ILO conventions.
  • The provisions on complaints and grievance procedures have been improved and now reference protection of whistle-blowers, procedures to assess effectiveness of complaints and grievance mechanisms, and procedures to protect complainants from retribution.

 

It is also noteworthy that remarks in the definitions section which stated that the International Maritime Organization does not believe that the International Code of Conduct for Private Security Service Providers (ICoC) or the Montreux Document are applicable to maritime security operations were removed. The ICoC and Montreux Document have been added to the bibliography.

Still room for more improvement

While these additions warrant recognition, there is still room for strengthening the human rights provisions of the IS0 28007-1 if it is to truly reflect the UNGPs. Additional improvements should entail:

  • Recommending that organizations carry out a human rights due diligence process, to include conducting a human rights risk and impact assessment to identify, address, and mitigate actual and potential negative human rights impacts.
  • Clarifying that when organizations systematically evaluate and prioritize risk controls, management, mitigation, and treatments that they should prioritize addressing human rights risks based on their scope and severity. Not addressing actual or potential severe human rights risks raises legal liability concerns, and not just considerations of reputation and cost effectiveness. Severe human rights risks linked to an organizations’ operations must be addressed even if risk treatment is not cost effective per se.
  • Adding provisions that explicitly state that negative human rights impacts should be remediated.
  • Using past involvement in human rights violations as a screen for vetting PCASPs.
  • Requiring that PCASPs receive relevant human rights training.

 

Thankfully ISO standards are reviewed on a regular basis, so there will be opportunities in the future to include human rights experts in the review process and address these shortcomings.

Human Analytics Makes Recommendations for the U.S. National Action Plan on Responsible Business Conduct

Human Analytics has submitted the following recommendations to the State Department, which is overseeing the process to develop a U.S. National Action Plan (NAP) on responsible business conduct. The recommendations focus to security and human rights, which was a theme of the NAP consultation held in Norman, OK at the University of Oklahoma on April 9. Human Analytics participated in the consultation. The below recommendations, as well as those submitted by other organizations and individuals, can be found at the International Accountability Roundtable’s website dedicated to the NAP process.

Human Analytics Recommendations for the U.S. National Action Plan on Responsible Business Conduct with regard to Private Security

April 22, 2015

Human Analytics welcomed the chance to participate in the recent April 2 National Action Plan (NAP) consultation held at the University of Oklahoma in Norman, OK, which had as one focus security and human rights. Human Analytics is a consultancy specializing in helping public and private organizations, in particular private security providers, address human rights risks associated with operating in complex environments. We would like to offer the following recommendations related to the private security industry for consideration as the U.S. government proceeds with developing its NAP on responsible business conduct.

Require Enhanced Human Rights Due Diligence:

The private security industry frequently operates in high-risk, conflict-affected areas. As Guiding Principle 7 of the United Nations Guiding Principles on Business and Human Rights indicates, the risks of human rights abuses are heightened in such areas, and States must help ensure that business enterprises operating in those contexts are not involved in abuses. As the Commentary to Guiding Principle 7 notes, States “should review whether their policies, legislation, regulations and enforcement measures effectively address this heightened risk, including through provisions for human rights due diligence by business.” Human Analytics recommends that the U.S. government mandate at a minimum for its contracted private security service providers that they undertake an enhanced human rights due diligence process and disclose their findings, to include a company’s human rights due diligence policies and procedures, risks and impacts identified, and measures taken to prevent, mitigate and address them throughout their operations. The U.S. government should also encourage, for example through its participation in the Voluntary Principles on Security and Human Rights, private sector clients of the security industry, such as oil, gas, and mining companies, to undertake and disclose information about their human rights due diligence processes. Legislative precedent for such a requirement already exists, for example the mandatory disclosure of due diligence measures relating to conflict mineral supply chains under Dodd-Frank 1502. Other organizations, such as Amnesty International USA and NomoGaia, have made similar recommendations.

Assist the Private Security Industry with the Development of a Human Rights Risk and Impact Assessment Tool:

Guiding Principle 7 states that States should engage “at the earliest stage possible with business enterprises to help them identify, prevent and mitigate the human rights-related risks of their activities and business relationships” as well as provide “adequate assistance to business enterprises to assess and address the heightened risks of abuses.” One means through which the U.S. government could further efforts of the industry to engage in an effective, enhanced human rights due diligence process is to assist with the development of a security industry specific human rights risk and impact assessment tool. A venue already exists to do this, namely the International Code of Conduct Association (ICoCA). The U.S. is a founding member of the State pillar of the ICoCA. According to the ICoCA Articles of Association, one purpose of the Association is to serve as a central agency for the promotion of industry best practice. The U.S. government should provide funding to the ICoCA to develop a human rights risk and impact assessment tool. Despite promises otherwise, to date the U.S. government, unlike other member States, has not provided monetary or in-kind assistance to the ICoCA.

Ensure Policy Coherence:

Guiding Principle 8 recommends vertical and horizontal policy coherence to “ensure that governmental departments, agencies and other State-based institutions that shape business practices are aware of and observe the State’s human rights obligations when fulfilling their respective mandates.” Furthermore, Guiding Principle 6 states that “States should promote respect for human rights by business enterprises with which they conduct commercial transactions,” for example through procurement policies and practices. With respect to the U.S. government’s role as both a regulator and user of private security services, greater policy coherence entails ensuring that the Department of Defense (DoD) and Department of State (DoS) undertake similarly rigorous measures in procuring, overseeing, and regulating contracted private security providers. In particular, there is inconsistency in the level of commitment to more privatized forms of governance, such as the International Code of Conduct/ICoCA and the ANSI/ASIS PSC.1-2012 Management System for Quality of Private Security Company Operations – Requirements with Guidance (PSC.1). While the DoS has announced that it will require its security providers to be members in good standing of the ICoCA and to certify compliance to PSC.1, the DoD has thus far only required compliance to PSC.1 in the DFARS.

Perhaps more significantly, the U.S. Agency for International Development (USAID) has been largely absent from both initiatives. While USAID does not directly contract for private security services to the same extent, the organizations it partners with do utilize and subcontract with private security providers. USAID should require its implementing partner organizations to place similar requirements on their security providers.

These recommendations are in keeping with those made by Amnesty International USA, namely that “[g]overnment procurement contracts with private companies should include requirements that they carry out human rights due diligence and report on their due diligence policies and practices. They should also include clauses providing for the suspension or termination of contracts based on non-compliance. Companies that are directly or indirectly linked to human rights abuses should become ineligible for public procurement contracts.” The U.S. government has the opportunity to use the power of its purse strings to ensure corporate respect for human rights and greater accountability for companies complicit in the commission of human rights abuses.

Improve Accountability by Closing Gaps in U.S. Laws:

While the recent convictions of four Blackwater security contractors involved in the 2007 shooting deaths of Iraqi citizens in Nisour Square demonstrated that U.S. laws can reach extraterritorially to address human rights abuses committed overseas, news reports indicate that an appeal of the verdicts is likely based on the fact that the Blackwater contractors were operating on behalf of the DoS at the time, and thus did not fall under the jurisdiction of the Military Extraterritorial Jurisdiction Act. The U.S. Congress must pass the Civilian Extraterritorial Jurisdiction Act to close gaps in the law by extending federal criminal jurisdiction over all U.S. government contractors. As the International Corporate Accountability Roundtable elaborates in its “Shadow” U.S. National Baseline Assessment for Pillar 1 of the UN Guiding Principles,

“The Military Extraterritorial Jurisdiction Act of 2000 (MEJA)… includes criminal liability for people who are “employed by or accompanying the armed forces” abroad. However, this includes contractors and sub-contractors hired by the Department of Defense only. The proposed Civilian Extraterritorial Jurisdiction Act of 2011 (CEJA) aimed to address this gap by amending Title 18 of the United States Code to clarify and expand federal criminal jurisdiction over federal contractors and employees who commit certain crimes outside of the United States while employed by or accompanying any agency of the United States other than the Department of Defense (DOD). The CEJA bill was introduced on 3 June 2011, in a previous session of Congress, but was not enacted.”

The private security industry has in the past expressed support for legislative proposals that would close the gaps in MEJA.

We thank the Department of State for coordination of the NAP consultations and hope these recommendations are of use. We look forward to continued engagement throughout the process of developing the NAP.

Register Now – Managing Human Rights Risks in Complex Environments – April 9 (Washington, D.C.)

Sponsored by the International Stability Operations Association (ISOA)

Co-sponsored by Fund for Peace/Facilitated by Human Analytics

MANAGING HUMAN RIGHTS RISKS IN COMPLEX ENVIRONMENTS

ISOA Members are leaders in the stability operations industry. They provide vital services in complex environments around the world. Their activities support peace building, stabilization and reconstruction efforts, security sector reform, humanitarian aid and disaster relief operations, and long-term development projects.

However, the fragile nature of the operating environments in which these services are provided pose potential risks to service providers and their public and private sector clients. In particular, the management of human rights related risks has been the focal point of various international initiatives to set standards applicable to service providers and their clients.

Beyond standards specific to particular sectors, such as private security, oil, gas, and mining, and humanitarian assistance, the UN has developed a broader framework – the UN Guiding Principles on Business and Human Rights – to assist all business enterprises, in partnership with governments, with ensuring respect for human rights.

This one-day forum will provide updates on a number of standard setting initiatives to address risks associated with operating in complex environments. Case studies will explore how various organizations have converted principles into management practice. Private sector clients will discuss the incorporation of standards into contracts, and U.S. government officials will offer insights into recent policy and procurement related developments. Legal, management consulting, and auditing experts will offer perspectives on standards compliance.

Thursday, April 9, 2015

9:00am – 5:30pm

LOCATION:

Hosted by the law offices of Foley Hoag – 1717 K. St, NW, Washington, D.C.

TO REGISTER:

http://www.stability-operations.org/events/event_details.asp?id=617493

(Open to the public and no cost to attend. Space is limited.)

AGENDA:

9:00am-9:10am                 Welcoming remarks                      

Ado Machida, President, International Stability Operations Association

Gare Smith, Partner, Foley Hoag Corporate Social Responsibility Practice

9:10am-9:30am                 Keynote address: The business case for managing human rights related risks

Representative from Unilever, TBD

9:30am-10:45am               Governments as clients: Key human rights concerns from the perspective of state actors

Moderator: Doug Brooks, President Emeritus, International Stability Operations Association

Jason Pielemeier, Special Advisor & Team Lead, Internet Freedom, Business, and Human Rights, U.S. Department of State

Christopher Mayer, Program Support, Acquisition, Technology and Logistics, U.S. Department of Defense

Donald “Larry” Sampler, Assistant to the Administrator, USAID

Representative from British Embassy, TBD

10:45am-11:15am            Coffee break

11:15am-12:30pm            Recent developments in standards for complex environments

Moderator: Dr. Rebecca DeWinter-Schmitt, Senior Managing Director, Human Analytics

The Voluntary Principles for Security and Human Rights

J.J. Messner, Executive Director, Fund for Peace

International Code of Conduct Association

Chuck Tucker, Executive Director, World Engagement Institute and Board Member ICoCA

ANSI/ASIS PSC.1 Management System for Quality of Private Security Company Operations and the Draft International Standard 18788 Management System for Private Security Operations

Dr. Marc Siegel, Commissioner, ASIS Global Standards Initiative

Standards in the Humanitarian Space

Laky Pissalidis, Security Director, InterAction

Trevor Hughes, Director of Risk Management & Global Security, International Relief & Development; Board Member, International NGO Security and Safety Association

12:30pm-1:30pm              Lunch

1:30pm-2:45pm Ensuring the implementation of standards

Moderator: Dr. Ian Ralby, Founder and Executive Director, I.R. Consilium

Legal considerations

Gare Smith, Partner, Foley Hoag Corporate Social Responsibility Practice

Implementing management system standards

Lisa DuBrock, Managing Partner, Radian Compliance

Third party certification

Tony Chattin, Director, MSS Global

2:45pm-3:15pm Coffee break

3:15pm-4:30pm Due diligence in the field: Case studies of standards implementation

Moderator: Clements Worldwide, TBD

Erik Quist, Vice President and General Counsel, Sterling Global Operations (invited)

Nick Welch, Director International Relations, Noble Energy (invited)

Dr. Kateri Carmola, Director, Carmola Consulting Group

Rafael Khusnutdinov, Director Global Safety and Security, Save the Children

4:30pm                                 Reception

New Report from The Economist Provides Insights into Corporate Leaders’ Perspectives on Human Rights

There is no doubt that business and human rights has gone mainstream when The Economist Intelligence Unit writes a report on the subject. The Road from Principles to Practice: Today’s Challenges for Business in Respecting Human Rightssponsored by a number of governments, business groups, non-governmental organizations, multinational companies, and law and auditing firms – explores businesses’ perspectives on their human rights responsibilities and the steps being taken to implement them. Based on a survey of 853 senior corporate executive from companies around the world as well as nine in-depth interviews of thought leaders, the report provides interesting insights into the state of the art in the field of business and human rights in terms of thinking and practice.

Some of the outcomes are somewhat unexpected. The “business case” for companies to respect human rights, in other words the economic benefits to the corporate bottom-line, has been the primary selling point through which the business world has been lobbied to take up its responsibilities. Eight three percent of the executives surveyed agreed that human rights are a matter for business as well as governments. Furthermore, and naturally with some sector specificity, most executives recognize that their corporate activities can impact on myriad human rights categories. But when asked about the biggest drivers for their companies’ commitment to respect human rights, the top driver (48%) was “building sustainable relationships with local communities.” The other top three answers were “protect company’s brand and reputation” and tying for third place “moral-ethical considerations” and “employees’ expectations about company values and actions.” Coming in at seventh place (21%) was “there is a clear business case for doing so.” While no doubt some of the top responses can be read as economic justifications for respecting human rights, i.e. mitigating risks linked to dissatisfied local communities, protecting the value of the brand, and attracting and retaining top employees, the survey seems to indicate that we may be starting to see a shift away from purely instrumental, short term thinking, to more holistic, mid- to long-term considerations of human rights responsibilities and impacts.

But is this recognition of human rights responsibilities also translating into action? Here the survey results are less satisfactory. Pillar two of the UN Guiding Principles on Business on Business and Human Rights lays out the corporate responsibility to respect human rights. (For an introduction, see Human Analytics Business and Human Rights 101 Prezi.) Looking at two key requirements in pillar two, the survey results evidence that there is still work to be done.

Guiding Principle 16 details the need to develop a publicly available statement of policy committing to respect human rights, which stipulates the expectations of personnel, business partners, and other parties linked to a company’s operations. Only 22% of corporate executives state that their firms have a publicly available human rights policy in some form. Of those, only 37% consulted with external stakeholders, although the Guiding Principles recommend that relevant external expertise inform human rights policies. On the upside, 66% of companies with a public human rights policy train and provide guidance to their employees on it, and 62% communicate the policy across all business relationships.

Guiding Principle 21 states that companies must “know and show” that they address their human rights impacts in practice through formal communications. While 42% of respondents communicate to internal stakeholders on human rights issues, only 27% communicate to external stakeholders. Only 11% publish an annual report on human rights related issues, and a mere 10% report on assessments of human rights impacts for parts of their operations.

The survey did not attempt to tackle two other key requirements of the corporate responsibility to respect human rights, namely a due diligence process to identify, mitigate, and account for how human rights impacts are addressed and a process to remedy adverse human rights impacts. Clearly, questions posed on those matters likely would have made the road ahead seem much longer.

So what is to learn from industry leaders in terms of best practices on that journey? First and foremost, the commitment to respect human rights has to come from the C-suite. Leading companies are much more likely to have their CEOs involved in developing and implementing their human rights policy commitment (59% of the leaders compared with 39% among the rest). Second, leaders display a shift in corporate culture, where the driver for respecting human rights is as much a moral/ethical one as a business one.  Finally, leaders integrate human rights throughout their operations. Seventy eight percent of leaders have at least one department tasked with leading on human rights issues, and on average leaders have nine functional teams that are either leading or actively involved on human rights policy and practice.

What are the most common barriers – both among leaders and the rest – in understanding and implementing the requirement to respect human rights? Thirty two percent cite a lack of understanding of the company’s human rights responsibilities, 27% point to the lack of available company resources, and 25% note the lack of training and education for employees. Seeking dialogue and advice from external stakeholders is key to overcoming these barriers. From non-governmental organizations, local communities, government actors, to consultancies and law firms, a range of interlocutors are emerging who can help educate companies and their personnel, raise awareness on human rights issues, develop policies, and create tools to operationalize and implement them into management practices.

REMINDER: Human Analytics Hosts Sean McFate Presenting on The Modern Mercenary

Human Analytics, in conjunction with the Human Rights in Business Program of the Washington College of Law Center for Human Rights & Humanitarian Law, the Global Governance, Politics & Security Program and the Ethics Peace & Global Affairs Program at American University’s School of International Service, are sponsoring a presentation by Sean McFate, author of The Modern Mercenary, published by Oxford University Press. The event will take place in the SIS Abramson Family Founders Room from 3-5 pm on Tuesday, February 24. The event is free and open to the public. No registration is required.

McFate_ModernMercenaryEVENTFLYER_JDSV3

Framework or fragmentation of standards for private security providers?

IRAQ-US-SECURITY-BLACKWATER

 

 

 

 

 

 

 

 

A recent article in the Fletcher Security Review entitled “Accountability for Armed Contractors” by Dr. Ian Ralby provides an excellent, concise summary of what he terms “accountability initiatives” for private armed contractors. The key declarations, codes, and management standards he highlights include the following:

 

Ralby expresses a number of concerns about the ability of these initiatives to ensure effective governance and accountability. Many of them, he argues, are a legacy of the Iraq and Afghanistan wars and may be ill-suited to addressing future challenges the industry may face as it moves into new areas of work. This is reminiscent of Sara Percy’s argument that efforts to regulate the private security industry have been a matter of “regulating the last war,” rather than dealing with current and emerging trends. Furthermore, even though these initiatives are backward looking, they have gaps and do not address all the issues that have arisen to date, which could result in a loss of confidence. Ralby also notes that there is not a consistent approach across all U.S. government agencies in how security contractors are procured and to which initiatives armed security providers are expected to adhere.

Emerging convergence

The latter is indicative of what Ralby sees as the larger problem with accountability initiatives to date, namely that “the resulting collection forms a patchwork, rather than a framework for governing the conduct of armed contractors.” However, this concern may be overstated in light of developments in the past year within the landscape of initiatives for armed security services, which have trended away from fragmentation towards signs of convergence. Ralby makes the sensible recommendation that initiatives be revisited in light of the changing nature of industry operations, and one should add evolving normative and practical understandings of appropriate corporate behavior. Yet, this is exactly what is happening and contributing to a more coherent framework. For example, the ICoCA’s proposed additional human rights-related information requirements for certification (beyond what certification to PSC.1 already requires) are grounded in the human rights risk and impact assessment language of the UN GPs – something which cannot be found in the ICoC itself, which was completed in 2010 before the finalization of the UN GPs. While PSC.1 makes reference to the UN GPs, they were released just before completion of the management standard in 2012, and implementation of the UN GPs’ human rights due diligence requirements had not yet been put into practice by companies. With expected release of the ISO 18788 mid-this year, one finds in the draft international standard more thorough due diligence requirements than explicated in either the ICoC or PSC.1, to include human rights risk analysis as part of the risk assessment and management process.

Voluntary and mandatory regulation: Two sides of a coin

The three pillars of the UN GPs – the state responsibility to protect human rights, the corporate responsibility to respect human rights, and the right of victims to access remedy – clarify that mandatory State regulation of companies and voluntary corporate commitments to respect human rights are two sides of a coin rather than a dichotomy. The Montreux Document, which is largely directed at States, and the multi-stakeholder ICoC/ICoCA were conceived from the outset as two interconnected parts of the Swiss initiative – an effort to find international consensus on appropriate regulation of armed security services. This recognition of the interconnected nature of State-based regulation and corporate self-regulation is reflected in recent efforts to further link the Montreux Document and the ICoCA. The Montreux Document Forum was established this past December to support national implementation of the Montreux Document’s legal obligations and good practices, develop implementation tools, and to encourage greater state support of it. The Forum will offer a venue for interstate dialogue on better regulation of armed security providers, and will support the functions of the ICoCA’s Advisory Forum of Montreux Document participants. The Advisory Forum, as foreseen in the ICoCA’s Articles of Association, is to provide advice on national and international policy and regulatory matters to the ICoCA.

Closing gaps

The blurring of the line between voluntary and mandatory regulation is further evidenced by the fact that governments, to include the U.S. government’s Departments of Defense and State, have included or are planning to include conformance with accountability initiatives in procurement decisions. Ralby expresses concern that differential requirements – with the DoD procurement regulations referencing PSC.1 and the DoS security contracts, in particular the Worldwide Protective Services contract, likely to require PSC.1 and ICoC conformance – exacerbate fragmentation. However, with the ICoCA soon likely to decide to accept certification to PSC.1, with some additional informational requirements, as the basis for receiving certification to the ICoCA, the “gaps” between the two becomes less of an issue. The DoD continues to be actively involved in the ICoCA as well as funding management standards development. The PSC Series standards were created to operationalize and embed the ICoC’s requirements into a management system process. The DoD and other stakeholders involved in drafting ISO 18788 have further worked to reduce gaps with the ICoC and the UN GPs.

The road to “best value” and respect for human rights

As Ralby rightfully points out, these accountability initiatives when embedded into procurement processes work to the advantage of private security contractors. Government contractors have long asked for contract awards to be made on “best value” rather than “lowest price technically acceptable.” Accountability initiatives can serve as a “best value” differentiator for those willing to respect the human rights and humanitarian law requirements at the heart of these initiatives. From the perspective of affected communities that live in the areas where these companies operate, such initiatives offer an opportunity for greater respect of their human rights and access to remedy for negative impacts associated with security operations.

Association for oversight of private security companies holds meeting to share successes and plan the road ahead

logo-smallThe International Code of Conduct Association (ICoCA) held its Annual General Assembly meeting in London last week. The ICoCA was established last year to provide oversight and ensure implementation of the human rights and humanitarian law commitments laid out in the International Code of Conduct for Private Security Services Providers (ICoC). The gathering brought together members from the multi-stakeholder organization’s three pillars – private security companies, governments, and civil society organizations – as well as independent observers. Human Analytics is a member of the observer pillar. The cross-section of leading security companies and industry stakeholders came together to learn about the ICoCA’s activities in the past year, objectives for the coming year, and progress made in developing key procedures essential for effective oversight and accountability, namely certification, reporting, and monitoring.

Much has been accomplished since the launch of the ICoCA. Executive Director Andy Orsmond recounted the many steps taken to put the ICoCA on a sound organizational footing, such as setting up the Secretariat in Geneva, establishing Board election procedures, which allowed for the election of a new Board chair and two new Board members, the development of membership requirements and an application process, and creating infrastructure and an information security policy. The latter is particularly important to member companies, who must include detailed information about their operations in their applications, and will soon be requested to share additional information as part of the regular reporting requirements, which are still being developed. Those companies want to know that their information is being preserved in a confidential and secure fashion.

Looking to next year, from the basis of a strong financial footing, the ICoCA has laid out ambitious objectives for itself. One of the top priorities is to complete development of the certification process, to include voting on certification procedures and the creation of a framework to assess various national and international standards to which security companies are currently being certified. PSC.1, shorthand for ANSI/ASIS PSC.1-2012: Management System for Quality of Private Security Company Operations, is the first national standard to be evaluated against the requirements of the ICoC. A maritime security standard, ISO/PAS 28007, is next in line. Recognizing that attaining certification is a phased process, the ICoCA will develop a means for companies to transition into full certification.

In addition to tackling certification procedures, the Board has set up a working group that is currently in the process of developing reporting criteria and monitoring protocols. As the ICoCA seeks to grow its membership and the observer pillar in the coming year to include reaching out to other industry stakeholders, including non-state clients, potential new members and supporters will no doubt be interested in understanding what certification, reporting, monitoring, and grievance procedures look like in practice. The intense discussion among attendees about evolving concept papers on these various procedures leaves no doubt that developing these procedures will require extensive negotiations and consultations. However, listening to the Secretariat staff and Board members, it is clear that they are forging common ground. It is to the credit of the ICoCA that it is carrying out these discussions in an open and transparent fashion.

Multi-stakeholder consensus building is never an easy process, but what comes out at the end will likely have greater legitimacy and credibility. As UN Business and Human Rights Working Group member Alexandra Guaqueta said in Geneva at the UN Forum the day before the Annual General Assembly, the ICoCA reflects a “new generation” of multi-stakeholder initiatives. She described it as being exemplary for its consultative nature, the solid technical work it is based on, its strong governance structure with greater accountability mechanisms, its solid membership with willing first movers, the high level of industry participation, and a built in incentive structure, with participating governments building adherence to the ICoC into procurement processes.

However, as other participants remarked, to move forward each pillar must be prepared to give a little and not allow the perfect to be the enemy of the good. The ICoCA will always be a work in progress.

 

Why the ISO standard for maritime security – ISO/PAS 28007 – is not a security and human rights standard.

A recent blog on the Measuring Business and Human Rights website examines the wide range of codes of conduct and management system standards that have been developed in recent years to guide the responsible provision of security services, on land and at sea. However, the inclusion of an International Organization for Standardization (ISO) standard for maritime security in that list of codes and standards is erroneous. The ISO/PAS 28007:2012 Ships and marine technology – Guidelines for Private Maritime Security Companies (PMSC) providing privately contracted armed security personnel (PCASP) on board ships (and pro forma contract) – ISO/PAS 28007 in short – cannot be described as a “security and human rights” standard. ISO/PAS 28007 stands out from the other standards because of the lack of inclusivity and transparency in its drafting and for its failure to include human rights provisions.

To the first point, unlike the committee that drafted ANSI/ASIS PSC.1:2012 Management system for quality of private security company operations – Requirements with guidance (PSC.1 in short), which included academics and representatives from NGOs such as Human Rights First, Amnesty International USA, the Geneva Center for the Democratic Control of Armed Forces, and Fund for Peace, the Technical Committee that drafted the ISO/PAS 28007 did not include academics, civil society organizations, and other key interested parties and stakeholders.

Regarding human rights, the ISO/PAS 28007 cannot be described as contributing to the mutually reinforcing and complementary nature of the other standards. Two notes in the definitions section point out that the International Maritime Organization does not believe that the International Code of Conduct for Private Security Providers (ICoC) or the Montreux Document are applicable to maritime security operations. This will make it very challenging for the ICoC Association to consider recognizing certification to the ISO/PAS 28007 as meeting the principles and certification requirements of the ICoC.

The ICoC Association will also likely struggle with the fact that the ISO/PAS makes almost no reference to international human rights law. The Universal Declaration of Human Rights is not listed as an informative document in the bibliography, and in the entire standard human rights are only referenced twice: once in conjunction with health and safety stating that the organization should have guidelines for disciplinary offenses involving human rights abuses, and the second time to state that the organization should develop procedures to identify applicable international law to include human rights obligations. Human rights are erroneously mentioned a third time referring to possible limits under human rights law to screening personnel. International human rights law does not speak to this issue.

What is not addressed in the ISO/PAS 28007 that is covered in other standards like the ICoC and PSC.1? Two key issues neglected in the ISO/PAS 28007 are the responsibility of maritime security companies to respect human rights and to carry out human rights due diligence processes. There is also no mention of conducting human rights risk analyses or engaging with affected communities and stakeholders during that process. In fact, there is no mention that maritime security operations can potentially impact on human rights. Furthermore, there are no stipulations for human rights trainings for personnel, and the requirements for grievance mechanisms are inadequate. While there is a provision that no one under 18 should be employed to carry weapons, there is no reference to avoiding the worst forms of child labor or other gross human rights violations. The ISO/PAS 28007 is simply not a human rights standard.

Unfortunately, it also falls short in terms of what certification to the standard can hope to accomplish with regards to ensuring responsible provision of maritime security services. One important point about certification to the ISO/PAS 28007 needs to be clarified. Companies are not certified to the ISO/PAS 28007; as a Publicly Available Specification (PAS) this is not possible. Technically they are certified to ISO 28000: Specification for security management systems for the supply chain using ISO/PAS 28007 as guidance. Here there is a fundamental breakdown in the logic of what companies claim to be achieving through certification. The ISO 28000 is about addressing risks in the supply chain. It is not about addressing the risks of security operations, or about the quality of security operations – two things that PSC.1 does address.

Currently, the Technical Committee that created the ISO/PAS 28007 has submitted it for comments and voting as a Draft International Standard (DIS). If successful, this would turn the ISO/PAS into a full ISO international standard. The DIS has not been updated and is the PAS word for word – quite surprising considering that 22 maritime security companies have been certified to date. One would think that there would have been at least a few lessons learned that would indicate the need for some changes to the standard’s language. The DIS is currently open for comment until the end of October and the vote closes on November 19. Interested parties should take this opportunity to reach out to their national standards bodies and submit their comments and concerns. If the ISO 28007 wants to be in the company of the other security standards detailed in the Measuring Business and Human Rights blog, it must include human rights provisions.

For a detailed chart, comparing the provisions of the ICoC, PSC.1 and the Voluntary Principles on Security and Human Rights, see the recent briefing paper by Human Analytics.

New Briefing Paper Examines Standards for Private Security Service Provision

Human Analytics is pleased to offer a new briefing paper, Standards for Private Security Services. The paper examines three initiatives particularly relevant to the responsible provision of private security services: the International Code of Conduct for Private Security Service Providers, ANSI/ASIS PSC.1-2012 Management System for Quality of Private Security Company Operations – Requirements with Guidance, and the Voluntary Principles on Security and Human Rights. A convenient table provides a comparison of all three at a glance, highlighting key human rights related content, assurance frameworks, enforcement and grievance mechanisms, reporting, and governance structures. In addition, background information on the origins of the initiatives, their relationship to each other, implementation efforts, and recent developments are provided.  To download a free copy of the briefing paper, click here.

New “Business and Human Rights 101” Prezi Available

BHRs 101 Front slide

Human Analytics is pleased to offer a free Business and Human Rights 101 Prezi slide show. The presentation is an introductory exploration of the origins and emergence of international consensus on the corporate responsibility to respect human rights. It examines the provisions of the UN Guiding Principles on Business and Human Rights (UN GPs), which were unanimously endorsed by the UN Human Rights Council in 2011, and details key concepts relevant for companies, including human rights due diligence, corporate complicity, leverage, and responsibility for business relationships. A growing number of companies are recognizing the business case for implementing the UN GPs. This resource offers a helpful introduction for those unfamiliar with the human rights responsibilities of business. To view the Prezi, click here.

New Human Rights at Sea Initiative Contributes to the German Government’s “Charter of the Future – One World – Our Responsibility”

HRASAn important new initiative, Human Rights at Sea, was launched this past April. In the words of its founder, David Hammond, Human rights apply at sea, as equally as they do on land. The HRAS initiative aims to raise awareness of human rights issues relevant to the maritime industry, and to ensure implementation and accountability for human rights protections. The initiative is of particular interest to those working on business and human rights as one of HRAS’s projects is to encourage the uptake of the UN Guiding Principles on Business and Human Rights in the maritime industry, as well as to develop a model maritime human rights impact assessment.

In a recent blog posting, re-posted below, HRAS announced that it contributed to the German government’s efforts to develop a “Charter of the Future – One World – Our Responsibility”. The Charter when completed will reflect multi-stakeholder input and feed into Germany’s efforts to contribute to the further development of the UN Millennium Development Goals. HRAS in its contribution stressed the importance of good governance as furthered by the development and promotion of human rights policies applicable in the maritime environment.

The Human Rights at Sea international initiative contributes to the German Federal Government’s initiative “Charter of the Future – One World – Our Responsibility” by invitation as part of the United Nations Millennium Development Goals.

2_HumanRightsSea-1001

 

The HRAS international initiative is strongly represented in Germany. Its engagement with and by the German Federal Government has been a leading example of direct European engagement on the international issue of promoting human rights at sea, associated good governance and best practice for human rights in the maritime environment.

BUND-image-ver-1398327986144The crucial importance of the protection of human rights at sea for the effective promotion of good governance has been highlighted and discussed in a recent HRAS article which was recently published on the German Federal Government’s initiative of the “Charter of the Future – One World – Our Responsibility” lead by the German Federal Ministry for Economic Cooperation and Development (BMZ).

 

Charter for the future - logo_zukunftscharta_enHRAS joined the initiative on 29 July 2014 by initially participating in two online forums for the development goals; namely Forum 1 on ‘Human Rights’ and Forum 2 on ‘Business, Human Rights and Sustainability’. The article, written by the Head of HRAS in Germany, Jens Dieckmann, and HRAS supporter Christina Kerll both Attorneys at Law in Germany, presented the vision of HRAS on good governance in the maritime environment. This further contributed to Forum 4, which serves to identify challenges in the area of good governance for the post-2015 development agenda led by the German Federal Government.

The article submits that; “good governance can only be promoted sustainably if Human Rights at the High Seas are effectively respected, protected and safeguarded.”

Taking into account the long-term challenges in international waters, such as the fight against piracy and the protection of boat people, migrants and refugees, HRAS calls for directing future attention to the development and human rights policies, particularly in respect of their use in international waters.

HRAS Founder, David Hammond said: “I am absolutely delighted with the response from the Federal German Government to HRAS and which has only been in existence since 3 April 2014. The positive Federal engagement and support shown to date has been a result of an international platform that fulfils the need for overt discussion and representation of human rights in the maritime environment and also, due to the continuous hard work of the HRAS German team led by Jens Dieckmann“.

Minister Gerd Muller imageThe German “Charter of the Future” has been initiated by the German Federal Minister for Economic Cooperation and Development, Dr. Gerd Müller, and it will be drafted up until November 2014. The Minister is currently engaged in a debate with the public about universally binding development goals. This process involves numerous events at the Federal level, the level of Federal states (Länder) and the municipal level.

The drafting process started in April 2014 and will end on 24 November 2014, when Federal Chancellor Merkel and Development Minister Müller will jointly present the Charter to the German public. In addition to the large number of national thematic fora and discussion rounds, all citizens have an opportunity to voice their views online on the German website .

The Ministry is developing the Charter together with the civil society, academia, churches and the private sector. Germany intends the Charter to be a special contribution to the further development of the United Nations Millennium Development Goals, referred to as the post-2015 process.

The German version of the HRAS article is available at: https://www.zukunftscharta.de/ecm-politik/zukunftscharta/de/journal/44335/post/27

New Human Analytics Briefing Paper on Designing a Human Rights Policy

HRPolicyDesign-Briefing-Paper

Human Analytics is pleased to offer a new briefing paper on human rights policy design. This briefing paper discusses the reasons for developing a human rights policy, including the commercial benefits of putting a human rights policy in place. It details appropriate content for a human rights policy, as well as the steps in designing and implementing it. Creating a human rights policy is the essential first step in an effective human rights due diligence process, as outlined in the UN Guiding Principles on Business and Human Rights. To download the free briefing paper, click here.

Proposed Law Would Increase Accountability of Government Contractors

On Monday, Senator Patrick Leahy and Congressman David Price introduced in the Senate and House legislation that would make it easier for the Department of Justice to hold government contractors and employees accountable for certain offenses committed outside of the United States. Called the Civilian Extraterritorial Jurisdiction Act (CEJA), it would close loopholes in existing law by extending the jurisdiction of U.S. federal courts to address certain criminal acts and human rights abuses, to include those committed by U.S. contractors of government agencies other than the Department of Defense (DoD) that operate overseas. Currently, the Military Extraterritorial Jurisdiction Act (MEJA) applies to contractors that work on behalf of the DoD, or whose employment for another government agency supports the mission of the DoD.

The issue of the extraterritorial reach of U.S. federal courts over non-DoD contractors has arisen most recently in relation to the ongoing trial of four guards of the company formerly known as Blackwater, who are charged with the deaths and injuries of civilians in the 2007 Nisour Square shootings. At the time, the four men were Department of State contractors. Lawyers of the men claim that they were not directly supporting a DoD mission by providing diplomatic security, and that MEJA does not apply.

Human rights groups, such as the International Corporate Accountability Roundtable (ICAR), believe the time is ripe to pass legislation clarifying and expanding jurisdiction over U.S. contractors operating abroad, noting that “the United States continues to rely on private contractors in many of its overseas operations without providing clear parameters of which jurisdiction applies especially when crimes are committed by these contractors.” When introducing the bill in the Senate, Senator Leahy stated that, “Ensuring criminal accountability will also improve our national security and protect Americans overseas.”

Another challenge to addressing criminal acts and human rights abuses committed by contractors operating overseas is the ability to carry out investigations and obtain sufficient evidence in complex environments. CEJA also requires that the Attorney General create new investigative task forces to investigate, arrest, and prosecute contractors and employees who commit serious crimes overseas. In addition, the Attorney General must report to Congress on an annual basis about the offenses prosecuted under the statute and the use of investigative resources.

Proposed Binding Business and Human Rights Treaty Stirs Controversy

Three years after the unanimous endorsement of the UN Guiding Principles on Business and Human Rights by the UN Human Rights Council (UNHRC), the UNHRC passed a resolution on June 26 to begin the process of developing an international legally binding treaty to regulate the activities of transnational corporations and other business enterprises with respect to human rights. The resolution, sponsored by Bolivia, Cuba, Ecuador, South Africa, and Venezuela, revealed rifts between governments in the North and South, and among civil society organizations. Companies and their associations were unanimous in their opposition to the resolution.

The resolution was voted against by all the Western industrialized states on the UNHRC, including the U.S. and EU member states. The U.S. representative to the UNHRC warned: “We have not given states adequate time and space to implement the Guiding Principles… The proposed Intergovernmental Working Group will create a competing initiative, which will undermine efforts to implement the Guiding Principles.”

Past efforts at creating a binding treaty for business and human rights at the UN have failed. In the 1970s attempts to create a Code of Conduct for transnational corporations never came to fruition. More recently in 2003, the United Nations Sub-Commission on the Promotion and Protection of Human Rights pursued a treaty strategy with its drafting of the Norms on the Responsibilities of Transnational Corporations and Other Business Enterprises with Regard to Human Rights. The Norms were framed in mandatory terms, setting forth corporate obligations with respect to human rights, and would have paved the way for a treaty. But the Norms were rejected by the UN Human Rights Commission (which would later become the UNHRC), and set the stage for the creation of the mandate for a Special Rapporteur on Business and Human Rights. The position was held by John Ruggie, who led efforts to draft the UN Guiding Principles. It appears that the collective political will for a treaty is no greater this time around, leading John Ruggie to ask: “Will this latest attempt to impose binding international law obligations on transnational corporations turn out to be another instance of the classic dysfunction of doing the same thing over and over again and expecting a different result?”

In contrast, a second resolution passed by the UNHRC and sponsored by Norway and a number of other states encourages, among other things, a strengthening of the process to implement the UN Guiding Principles, extends the mandate of the UN Working Group on Business and Human Rights for another three years, and calls on the Working Group to launch a transparent, multi-stakeholder consultative process “to explore and facilitate the sharing of legal and practical measures to improve access to remedy, judicial and non-judicial, for victims of business-related abuses, including the benefits and limitations of a legally binding instrument, and to prepare a report.”

In a statement, the International Chamber of Commerce expressed “deep concern that the adoption of a resolution for a binding human rights treaty on multinational corporations will undermine progress already made by the widely supported UN Guiding Principles on Business and Human Rights.”

Various stakeholders have different perspectives on the value of a binding business and human rights treaty.

Some opponents of a treaty fear that a treaty process could undermine the consensus that was built among stakeholders around the UN Guiding Principles and could hamper ongoing implementation efforts. They question how a treaty can succeed if the key states that are headquarters to the majority of multinational companies refuse to participate and support the treaty process. As with any human rights treaty, it would likely take decades to negotiate and only be binding to states that choose to become party to it and implement their treaty obligations in national law. Human Rights Watch and Amnesty International expressed concern that Ecuador’s resolution fails to address the operations of domestic companies and focuses exclusively on transnational corporations.

John Ruggie noted the impossibility of one single treaty covering the complex issues at the nexus of business and human rights. In a recent opinion, he noted: “The crux of the challenge is that business and human rights is not so discrete an issue-area as to lend itself to a single set of detailed treaty obligations…  It encompasses too many complex areas of national and international law for a single treaty instrument to resolve across the full range of human rights. Any attempt to do so would have to be pitched at such a high level of abstraction that it would be devoid of substance.”

Supporters, including a coalition of over 500 NGOs and social movements, point to the voluntary nature of the UN Guiding Principles and inadequate implementation of them to date by states and companies alike. They are seeking greater corporate accountability for rights abuses and better access to remedy for victims of abuses. Friends of the Earth Europe has argued that implementation of the UN Guiding Principles and a treaty negotiation process can proceed on parallel tracks. Supporters also note that a treaty could create a globally more level playing field for businesses currently operating in jurisdictions with differential laws on human rights enforcement.

As things currently stand, it appears that efforts to negotiate a treaty with widespread support will likely fail due to the lack of consensus and political will for a treaty process. Best case scenario is a treaty that enjoys little support, but that might set the stage for more scoped efforts to do such things as strengthen domestic legislation, elaborate on states’ extraterritorial obligations for their multinational corporations’ conduct, and improve mechanisms of remedy for victims of corporate abuses. In a worst case scenario, disagreements over the treaty negotiations will undermine the careful consensus that John Ruggie built among states, business, and civil society around the UN Guiding Principles, and will distract from further efforts to implement these norms.

Risk Becomes Reality When Companies Fail to Respect Human Rights

Recent headlines are a reminder to companies operating in complex environments that failure to respect human rights can result in legal, financial, and reputational liabilities. There are very real risks and costs associated with not fostering a company culture and management processes that ensure that personnel are adequately vetted and trained on human rights standards. Human rights policies and procedures need to be endorsed and supported at the highest levels of management to be effective.

This is a lesson CACI International has had to learn as it continues to fight allegations that its personnel were involved in the torture at Abu Ghraib. On June 30, the U.S. federal court of appeals for the fourth circuit ruled that a civil suit against CACI could proceed. At the time the torture and other rights abuses occurred, CACI was providing interrogation and other services at Abu Ghraib. CACI has been staunchly fighting the suit for years which was brought on behalf of four Iraqis by the Center for Constitutional Rights.

The court of appeals’ ruling is significant for what it means for other companies accused of complicity in human rights abuses that occur overseas. The civil suit was brought using the Alien Tort Statute, which allows foreign nationals to bring suit in U.S. courts for gross human rights violations occurring outside of the United States. Last April in Kiobel v. Shell/Royal Dutch Petroleum, the Supreme Court ruled that “there is a presumption against extraterritorial application of the ATS, and that presumption can be overcome when the matter ‘touches and concerns’ the United States with ‘sufficient force’.” The appeals court ruling overturned a previous district court ruling that had foreclosed the possibility of a lawsuit because of lack of jurisdiction based on its interpretation of Kiobel. The court of appeals found that human rights abuses committed by a U.S. corporation under a U.S. government contract at a U.S.-controlled prison does “touch and concern” the United States sufficiently to allow the case to proceed.

Another company, Titan, now called Engility Holdings, which had provided translation services at Abu Ghraib, settled a lawsuit last year for $5.28 million that had accused its personnel of complicity in rights abuses.

The company formerly known as Blackwater is also back in the headlines. The company no longer exists after having changed its name to Xe, and then re-forming as Academi under new ownership. Academi recently merged with Triple Canopy under the ownership of Constellis Holdings, but will continue to operate as a separate entity. Despite the fact that Blackwater no longer exists, the company’s poor human rights track record continues to haunt Academi, which is in the position of having to frequently issue press releases distancing itself from Blackwater. Last month, the trial against four Blackwater guards began for their involvement in the shootings at Nisour Square in 2007 that left 14 dead and 18 others wounded. One guard is charged with first-degree murder and the other three face charges of voluntary manslaughter, attempted manslaughter, and gun charges. In 2010, Xe had settled a series of seven civil lawsuits brought against the company by families of victims who had been shoot by Blackwater guards at Nisour Square and elsewhere. The New York Times broke a story on June 29 that the State Department had begun an investigation of Blackwater’s operations in Iraq just weeks before Nisour Square, but that the investigation was dropped after the company’s top manager in Iraq allegedly issued a death threat against the lead investigator.

The failure of CACI, Titan, and Blackwater personnel to respect human rights have created real legal, financial, and reputational liabilities – for the personnel and for the companies. The human rights risks are high for companies operating in complex environments. For this reason, it is imperative that companies ensure that they embed respect for human rights throughout their global operations. Finally, while companies face liabilities if they do not ensure that their personnel respect human rights, so too do those contracting with companies when they do not exercise adequate oversight. State Department Under Secretary of Management Patrick Kennedy currently is facing Congressional scrutiny for inadequate contract management in the wake of the New York Times story. It is equally imperative that the clients of private security companies demand that their providers demonstrate respect for human rights before entering into contracts with them.

New Private Security Monitor Commentary on Draft ISO Standard for Security Operations

Image courtesy of Private Security MonitorHuman Analytics’ Rebecca DeWinter-Schmitt has written a commentary for the University of Denver Private Security Monitor website. Private Security Monitor is a one-stop shop with a wealth of information related to the use and regulation of private military and security services throughout the world. The commentary, A New Twist to Management Standards, Bringing in Human Rights, discusses the new International Organization for Standardization (ISO) management standard for security operations currently under development, which has at its core the need for security service providers to respect human rights throughout their operations. The commentary also discusses different perspectives on the relationship between the new ISO standard and two other existing standards for private security providers: the International Code of Conduct for Private Security Service Providers and the ANSI/ASIS PSC.1 – 2012: Management System for Quality of Private Security Company Operations. You can read the full commentary here.

New ISO standard for private security services under development

Private security contractors go into some of the most dangerous situations in the world to protect civilians. Photo: Aegis
Private security contractors go into some of the most dangerous situations in the world to protect civilians. Photo: Aegis

The May-June issue of ISOfocus, the magazine of the International Organization for Standardization, features an article, Policing Private Security, which highlights one of ISO’s current standard setting efforts to develop a management system standard for provision of private security services. An international management system standard will help security providers manage the risks associated with their operations, and ultimately contribute to the respect for human rights.

The article was written shortly after the first meeting, held in Montreux, Switzerland, of the international Project Committee tasked with writing the standard under the leadership of Marc Siegel. Siegel previously led the effort that resulted in the US national standard ANSI/ASIS PSC.1 Management System for Quality of Private Security Company Operations. The new ISO standard will build on PSC.1, as well as two other international standards: the Montreux Document on Private Military and Security Companies and the International Code of Conduct for Private Security Service Providers. Human Analytics’ Senior Managing Director, Dr. Rebecca DeWinter-Schmitt, attended the meeting in Montreux in an independent expert capacity as chair of the delegation representing the United States. In the article, she calls for greater civil society involvement in the development of the standard, noting that, “This International Standard will be the first of its kind to address the human rights risks of an industry through a management system process, and it is important to identify and bring on board human rights expertise.” The ISOFocus article can be found here.