New Report Provides an Insider Perspective on the International Code of Conduct Process

DCAF Report coverA new report, Towards an International Code of Conduct for Private Security Providers: A View from Inside a Multistakeholder Process, by Anne-Marie Buzatu of the Geneva Centre for the Democratic Control of Armed Forces (DCAF) provides a first-hand account of the process that led to the development of the International Code of Conduct for Private Security Service Providers (ICoC) and its accompanying governance and oversight mechanism, the ICoC Association (ICoCA). Ms. Buzatu representing DCAF, along with members of the Swiss Government and the Geneva Academy of International Humanitarian Law and Human Rights, formed the team of “neutral facilitators” that shepherded into existence this landmark multi-stakeholder initiative. Attaining consensus among stakeholders from private security companies, governments, civil society organizations, and other interested parties consulted during the process was no easy task. As Ms. Buzatu rightfully points out, the neutral facilitators in this case did everything to make that possible, from logistical project management and drafting of texts to building trust and mediating disputes among stakeholders.

The report covers a lot of historical ground. It begins by describing the circumstances at the time that gave impetus to the ICoC effort. In particular, in the wake of the wars in Iraq and Afghanistan and the accompanying rapid increase in the use of PSCs, it became clear that there were governance gaps at both the national and international levels that had to be addressed to ensure effective oversight and accountability for private actors with the potential to use force. There was also a growing recognition that PSCs operating globally in complex environments raised complicated jurisdictional issues, which no one state could address on its own. New forms of innovative governance at the cross-sections of the national and international and public and private would be required. Hence the emergence of the ICoC/ICoCA as exemplars of “co-regulation” i.e. regulatory approaches that bring together public and private actors and “combine the advantages of an international-level multistakeholder governance model with the force of statutory and/or contractual obligations.” By embedding adherence to the ICoC and membership in the ICoCA into the contracting requirements of some states and international organizations, this multi-stakeholder initiative is in the process of setting historical precedent in terms of “hardening soft law.”

However, the origins of the ICoC/ICoCA in response to the Iraq and Afghanistan wars and the ICoCA’s current inclusion of only state clients of PSCs, makes one wonder to what extent this may be an example of “regulating the last war,” to quote Sarah Percy. While insurers and private sector clients of the private security industry, particularly extractive companies, participated in some of the initial consultations on the ICoC and the charter of the ICoCA, in later stages Ms. Buzatu notes they took a “wait and see” approach. Fortunately, efforts are underway to solicit extractive companies buy-in, and the viability and more global applicability of the ICoC will depend on bringing in private sector clients of the private security industry.

Even without private sector clients on board, the ICoC/ICoCA process stands out among other examples of co-regulation for its transparency and multi-stakeholder, consensus-based decision-making. No doubt this was part of the recipe for success as each stakeholder pillar brings to the table different types of expertise and leverage to ensure that the provision of private security also facilitates general human security. PSCs have ground-truth and can best explain how to incorporate international human rights standards into their operations. Governments can give effect to international standards by incorporating them into international and national laws, regulations, and procurement requirements. Finally, civil society can provide insight into how security services are impacting on local populations and serve in a watch dog capacity. A section of the report on “Good Practices and Lessons Learned” cites trust among stakeholders, equally weighted participation, consensus-based decision-making, and transparency as key factors for successful co-regulation; sage advice for other co-regulatory initiatives underway that have at times found themselves struggling with differences among stakeholders. From this perspective, the Voluntary Principles on Security and Human Rights come to mind.

From an insider point of view, it would have been useful to hear more not just about what happened – from the Montreux Document to the ICoC, to the Temporary Steering Committee that drafted the charter for the ICoCA, and now the efforts of the ICoCA to develop procedures for certification, monitoring, and grievance mechanisms – but also how certain compromise positions were reached and why stakeholders took the positions they did.

That being said, one section of the report goes into greater depth detailing the process behind and provisions of the ICoC, which went through three versions before being finalized in 2010. The reader is able to trace from that section key provisions that developed over time, such as the applicability of the Code to complex environments; the need for a multi-stakeholder approach, rather than an industry-led process; the ability to agree about the value of an accompanying International Governance and Oversight Mechanism, but not about its specific contours; and the importance of embedding Code standards into procurement practices.

Another section on the drafting of the charter, later called the ICoCA Articles of Association, which was about two years in the making, also gives a good sense of the extensive, consultative drafting process undertaken by the multi-stakeholder Technical Steering Committee, as well as points of disagreement that had to be addressed and the consensus that was attained. Significantly, the very detailed initial draft of the charter was significantly pared down, leaving it to the ICoCA to develop the specifics of the certification, monitoring, and grievance procedures. During negotiations of the charter, differences in views about membership in the civil society pillar resulted in detailed membership criteria being finalized by the pillar after the launch of the ICoCA. Views also differed on the broad outline of the grievance procedure. In the end, with the exception of an arbitration function, nearly all proposed functions of the grievance procedure – advisory, referral, mediation, special audit, fact-finding, and gatekeeping functions – found their way to some degree or another into the charter.

However, what is not addressed in depth, and indeed shaped the how and why of much of these negotiated outcomes from the ICoC onwards, was the completion of the Department of Defense funded ANSI/ASIS PSC.1 management system standard for private security operations in 2012. The DoD, PSCs, and other interested parties supporting the development of PSC.1 saw it as an operationalization of the ICoC’s principles, as called for in ICoC Paragraph 7 which speaks to the need for “objective and measurable standards for providing Security Services based upon this Code.” Furthermore, once PSC.1 was completed and a pilot project was underway to accredit the first certification bodies and certify the first PSCs, this shaped negotiations on the certification function laid out in the charter of the ICoCA. The Articles of Association Paragraph 11.2.1 state that the ICoCA Board “shall define the certification requirements based on national and international standards and processes that are recognized as consistent with the Code,” and 11.2.4 states that the certification process shall not be “duplicative of certification under Board-recognized national and international standards.” Indeed, certification to PSC.1, along with some additional human rights relevant information, such as the human rights risk and impact assessment methodology used by a PSC, is now the first officially recognized route to ICoCA certification. Yet the relationship between those certification requirements, the field auditing requirements of PSC.1, and the ICoCA monitoring procedure currently under development is still an open matter of discussion.

Is re-hashing these discussions about the relationship between these two co-regulatory efforts a matter of opening old wounds? Not at all. This detailed history of the origins of the ICoC/ICoCA, together with an understanding of the differing views of stakeholders and how those differences were overcome to reach negotiated agreements, is essential background knowledge that amounts to something akin to “founders’ intent.” First, as new members join the ICoCA and new interested parties follow its further development, this history allows them to better grasp the significant strides that were made to get things to where they are today. Revisiting old disputes, or at least not understanding the origins of certain comprises, can hinder forward progress. Second, as ICoCA Board committees move forward with the work of assessing other international and national standards, developing monitoring and performance assessment procedures, and creating a grievance mechanism, it helps to remember the shared vision that drives the overall effort and the consensus that has already been attained. True multi-stakeholder initiatives by their very nature move at a slow pace. But the progress to date with the ICoC/ICoCA, in particular in terms of the commitments the industry has made to establishing an assurance framework with teeth, and the time in which this was achieved, are truly exceptional compared to other co-regulatory efforts. The historical insights offered in this report provide useful foundations for continuing to chart the way forward and increasing the uptake of international human rights standards by the private security industry on a global scale.