Certifying Private Security Companies’ Human Rights Performance: Not All Certificates Are Created Alike
A growing number of private security companies (PSCs) providing security services overseas to the U.S. Department of Defense (US DoD) and U.S. Department of State (US DoS) are becoming certified by third party auditors as a means of demonstrating their adherence to international human rights and humanitarian law standards. However, newly released research by American University Washington College of Law’s Dean’s Fellow David Sebstead indicates significant inconsistency in PSCs’ adherence to standards based on publicly available information. In his Human Rights Brief article, Certifying Responsible Private Security Companies: Assessing the Implementation of Transparency and Disclosure Provisions, Sebstead found that certification may not be enough to assure clients of PSCs and the public that they are fulfilling their human rights responsibilities.
The increased use of PSCs in the wake of the Iraq and Afghanistan conflicts, and associated concerns about their human rights impacts, led to the emergence of a transnational governance framework comprised of declarations, codes of conduct, and management standards to ensure more effective governance and oversight of PSCs. A central component of this governance framework is the ANSI/ASIS PSC.1 – 2012 Management System for Quality of Private Security Company Operations (ANSI/ASIS PSC.1). A quality assurance and human rights risk management standard, its creation was funded by the US DoD. Currently, the US DoD requires the PSCs it utilizes to demonstrate compliance to it, or a related International Organization for Standardization standard (ISO 18788), which was based on ANSI/ASIS PSC.1. One way of demonstrating compliance is for a PSC to hire a certification body to audit its conformance to PSC.1, for which it receives a certificate.
Similarly, the US DoS requires its overseas security contractors also to demonstrate compliance with ANSI/ASIS PSC.1, and to be a member in good standing of the International Code of Conduct Association (ICoCA). The ICoCA is a multi-stakeholder initiative, comprised of governments, PSCs, and civil society organization and headquartered in Geneva, which assures that its member PSCs adhere to the International Code of Conduct for Private Security Service Providers (ICoC). The ICoC details international human rights and humanitarian law responsibilities of PSCs operating in complex environments. The ICoCA certifies its member PSCs, and currently the only route to certification is by evidencing certification to ANSI/ASIS PSC.1 by an accredited certification body in addition to providing human rights information in particular related to the PSC’s human rights risk assessment process.
Examining 13 PSCs that have received ANSI/ASIS PSC.1 certification, Sebstead found fairly significant discrepancies in their conformance to the management standard. He rated the 13 PSCs on their demonstrable conformance to four requirements of ANSI/ASIS PSC.1 which would necessitate that PSCs share publicly information about their adherence to the standard. These included the scope of their certification, which indicates the parts of the PSC’s operations that were actually audited by a certification body; their statement of conformance, the public commitment by management to respect applicable national and local laws and human rights; the availability of a grievance mechanism, which allows third parties to submit complaints to companies when they do not meet their human rights commitments; and the communication of their human rights risk assessment process.
Aggregating these four public facing components of demonstrable conformance to ANSI/ASIS PSC.1, Sebstead created an overall score of effective implementation of these components for the 13 PSCs ranging from poor (0) to very good (3). No PSC received a perfect score, but in the top three places were Garda World Consulting at number one, Aegis Defense Services and Britam Defence tied for second place, and Edinburgh International and Oliver Group tied for third place.
Disaggregating the data for a moment, what does this information tell us? Regarding the certificate scope, six of the 13 PSCs simply posted their certificates to their websites. Yet many did not provide enough information to determine the extent of their certification. In other words, some large, multinational PSCs lay claim to a PSC.1 certification, but do not share publicly exactly which parts of their operations have actually been subjected to a third party audit. Nine out of 13 companies scored well on their statements of conformance, although surprisingly a few were weak on making explicit their commitment to respect human rights. PSCs were also inconsistent in terms of the quality of their grievance mechanisms, with only six out of 13 actually providing a detailed procedure explaining to those who submit complaints the process for addressing those complaints.
Finally, the most important means for a PSC to address its human rights impacts is to first undertake a human rights risk assessment process to identify its potential and actual impacts. However, only seven of 13 PSCs made any mention of having any type of human rights risk assessment process in place. While this does not preclude the possibility that they may actually be assessing human rights risks related to their operations, it would seem important to demonstrate publicly that they take their human rights due diligence responsibilities seriously.
As Sebstead rightfully points out, “embedding a commitment to respect human rights in management systems is an important first step, but adequately identifying and mitigating actual human rights impacts on the ground in host states where PSCs operate is essential.” The “black box” of certification needs to be opened up to better understand what types of methodologies and metrics are being used by certification bodies when they seek evidence of conformance to the human rights components of ANSI/ASIS PSC.1. Here the ICoCA can play a greater role as it can request information from its member PSCs about their certifications. Clearly, the ICoCA is already moving in this direction by requiring additional human rights related information from PSCs with an ANSI/ASIS PSC.1 certificate. But it would help strengthen the robustness of the system if not only there were more assurances about the consistency of the quality of ANSI/ASIS PSC.1 certificates, but also more transparency in terms of both the embedding of human rights commitments into policies and processes and the outcomes of those commitments on actual respect for human rights.