Tag Archives: human righst risk and impact assessment

The Viability of Multi-stakeholder PSC Regulation

Individuals that follow the regulation of Private Security Companies (PSCs) will be particularly interested in Dr. Sorcha MacLeod’s recently published article, Private Security Companies and Shared Responsibility: The Turn to Multistakeholder Standard-Setting and Monitoring through Self-Regulation-‘Plus’.

MacLeod focuses on both the merits and questions concerning recent international multi-stakeholder initiatives related to PSC standards, certification, and oversight, specifically the Montreux Document, the International Code of Conduct for Private Security Providers (ICoC), the  International Code of Conduct Association (ICoCA), and ANSI/ASIS PSC.1-2012 Management System for Quality of Private Security Company Operations  (PSC.1), deliberately walking through each of these efforts and the intended role and interrelated nature of each.

Taken together she deems these multi-stakeholder processes for regulation of PSCs the “self-regulation-plus” approach because of the involvement of not only industry, but also states and civil society organizations.  However, MacLeod concludes, among other points, that this approach “is not the definitive solution.” In the end she feels that unless several cited issues with the current approach are adequately addressed “the likely effectiveness of the ICoC and ICoCA human rights model as applied through a standard such as PSC.1” remains an open question.

It is in the interest of all – the PSC industry itself, as well as the states, commercial enterprises, and NGOs that utilize PSCs – to have effective and universally accepted standards, certification, and oversight frameworks. MacLeod’s stated significant concerns (listed below with comments) with the new PSC regulatory mechanisms should be reviewed carefully and taken into consideration by each of the three member pillars of the ICoCA (states, industry, civil society) as well as by the commercial and NGO entities that utilize PSCs. The latter are not well represented in the state-client focused ICoCA.

State involvement and support. The ICoCA oversight mechanism must be perceived as strong and functional. In the United States, conformance with the PSC.1 standard is now required by the Department of Defense for all contracted private armed security overseas and the Department of State has recently stipulated in its largest protective services solicitation that each bidder must confirm compliance with the requirements set forth in PSC.1 (as well as demonstrate that it is a member in good standing with the ICoCA).  In the United Kingdom, the Foreign Commonwealth Office has stipulated PSC.1 compliance for overseas contracted security services. MacLeod questions how the ICoCA, with its focus to the state clients of PSCs, can be extended to the other commercial and NGO clients of PSCs.

Ability to deal with non-certified and rogue PSCs. Furthermore, MacLeod queries how the ICoCA can contend with non-certified PSCs. She makes the case for states to weigh in to encourage PSC clients in the NGO and commercial sectors to use only ICoC compliant PSCs.

Scope of the certification. MacLeod recommends that clients of certified PSCs know the scope of their PSC’s certification. Is the company globally certified to the PSC.1 standard or is the scope of the certification limited to a specific operating unit or geography?

Auditor competence. MacLeod stresses that certifying auditors must be competent in human rights. The human rights elements in PSC.1 are significant and require the use of auditors with suitable expertise. Additionally, it can also be argued that it is essential that PSCs draw upon human rights expertise themselves if they are to fully and adequately develop, implement, and sustain the human rights components of the PSC.1 standard. Failing to sufficiently develop, implement, and sustain the human rights risk management provisions of the PSC.1 will be corrosive to the credibility of the PSC’s certification as well as a significant undermining factor in demonstrating their responsibility to respect human rights and prevent adverse impacts.

Human Rights Impact Assessments. MacLeod highlights the current lack of clarity on how a PSC should assess human rights risk and impacts and what tools they should use to do so. She is spot on here. While PSC.1 does not explicitly require PSCs to conduct human rights risk and impact assessment (HRRIA), human rights is a specified component of the risk assessment process. As part of the risk assessment process, PSCs have the opportunity to conduct an HRRIA to identify specific human rights risk exposure and develop the processes to address each risk. PSC.1 also requires the establishment of a complaint and grievance mechanisms with external stakeholders. An effective HRRIA conducted with the cooperation and involvement of the local impacted community can greatly facilitate this process. HRRIAs are an imperative part of the overall risk assessment process and should be conducted as part of every pre-deployment survey or advance party at the tactical and operational level. Like security, human rights risk mitigation is most effective when it is developed and integrated at the initial project planning stage and not implemented as a “bolt on” or reactionary activity.

Client awareness, education and training. This certainly requires a greater awareness effort and MacLeod rightfully argues that the effectiveness of PSC.1 certification will be dependent upon the extent to which all clients, government, commercial, and civil society, understand the certification process. The ICoCA, with its multi-stakeholder three-pillar approach, can, and undoubtedly will, be instrumental in this regard.

By identifying areas of perceived potential weakness with the multi-stakeholder process as it currently now stands, MacLeod goes a long way in spotlighting the specific areas that must be addressed in the short term if a credible and viable “self-regulation-plus” PSC industry regulatory mechanism is to continue for the long term.

 

ICoCA Releases Draft Certification Procedure for Vote by Members

The International Code of Conduct Association (ICoCA) has released its draft Certification Principles and Procedure for vote by the members of its General Assembly from the private security industry, civil society, and government pillars. When the vote is finalized by June 29, and assuming the Certification Procedure is approved by a majority of each pillar, this will represent an important step for the ICoCA in executing its role as an oversight authority overseeing implementation of the International Code of Conduct (ICoC). The ICoC was completed in 2010 and lays out a set of human rights and humanitarian law principles regarding the conduct of private security company personnel as well as commitments regarding management and governance.

The certification procedure was a long time in the making as Board representatives from the three pillars and the ICoCA Secretariat worked with each other to find consensus in particular with regard to the ICoCA’s position on certification to PSC.1 – short hand for the ANSI/ASIS PSC.1-2012 Management System for Quality of Private Security Company Operations. However, this vote does not fully address that issue at this time, but rather seeks approval for the process to assess any national or international standard presented to the ICoCA for consideration. As laid out in Article 11.2.1 of the ICoCA Articles of Association:

“The Board shall define the certification requirements based on national or international standards and processes that are recognized by the Board as consistent with the Code and specifying any additional information relevant to the human rights and humanitarian impact of operations it deems necessary for assessing whether a company’s systems and policies meet the requirements of the Code and its readiness to participate in the Association”

The draft Certification Procedure lays out the process the Certification Committee will undertake before the Board decides whether to recognize a standard:

Step 1:

A Member can submit any standard related to security operations as a potential pathway to certification.

Step 2:

If a standard is accepted for consideration, the Committee will evaluate the content of the standard against the ICoC as well as the process by which a company is certified. A draft Certification Assessment Framework for purposes of such an analysis was also released, with the full analysis of PSC.1 to follow at a later date. The Framework is not subject to vote. Whatever gaps the assessment reveals can serve as the basis for defining the “additional information relevant to the human rights and humanitarian impact of operations.” A draft Certification Additional Information Requirement for PSC.1 reveals where consensus has emerged about what that additional information likely will be for PSC.1, although the document will not be finalized until after the vote on the Certification Procedure is completed. In its current form companies will need to provide:

  • The certificate with the scope of their certification by an accredited certification body.
  • Any non-conformities identified in the certification report.
  • Their corrective action plans to address those non-conformities.
  • Their Human Rights Risk and Impact Assessment (HRRIA) model or process.
  • A range of documents with regards to subcontractors’ uptake of the ICoC’s commitments, screening and vetting of personnel, anti-discrimination policies, and competency reviews and training of personnel.

With regard to the HRRIA, a draft HRRIA assessment framework was also released. It contains a series of Yes/No questions and requests to evidence references in company policies. It is divided up between process questions – regarding the frequency of HRRIAs, the involvement of relevant internal and external stakeholders, and implementation of HRRIA findings – and a series of substantive questions relating to internal controls and policies and specific human rights provisions of the ICoC. The HRRIA assessment framework is an effort to assess whether a company’s HRRIA covers many of the commitments laid out in the ICoC with regard to conduct of personnel, human rights, and management and governance. The framework will also be finalized at a later date; however, at this point it is unclear what benchmarks the ICoCA will use to determine the acceptability of answers and how it will assess the accuracy of information submitted.

Step 3:

If a standard is deemed to be consistent with the ICoC, the Committee will draft a Recognition Statement which will include the additional information identified by the Committee based on the Assessment Framework. The draft statement will be made available for public comment.

Step 4:

After considering the comments, the Board will decide whether to accept the standard and publish a Recognition Statement. One consideration that may factor into whether a standard is consistent with the ICoC is “practical considerations relating to the ability of the ICoCA to effectively assess the Additional Information associated with a standard.” It will soon be seen whether this consideration is an issue in the assessment of the ISO 28007-1: 2015 Ships and marine Technology: Guidelines for Private Maritime Security Companies (PMSC) providing privately contracted armed security personnel (PCASP) on board ships (and pro forma contract), which is the next standard the ICoCA will analyze. As we argued before, that standard still has some significant human rights shortcomings which will surely generate a good bit of information for the ICoCA.

Step 5:

After a Recognition Statement has been released, member companies can seek ICoCA certification by evidencing certification to the recognized standard by an independent, accredited certification body. A company will provide to the Secretariat the certificate and the additional information detailed in the Recognition Statement, and the Secretariat will review the materials and make a recommendation to the Board whether to approve a company for ICoCA certification. If the Secretariat has concerns about a member company’s ability to gain approval, it can engage that company in discussions to clarify what additional steps and information may be needed to gain approval. Prior to casting its vote the Board can request the Secretariat to elicit additional information from a company, if it deems this necessary to its ability to cast a vote on ICoCA certification.

If all goes well, and the Board votes to grant ICoCA certification to a company, that certification will have the same scope as the certification provided by the independent, accredited certification body. ICoCA certifications will be valid for a period of three years, as is the case for certification to PSC.1. In keeping with its role to foster industry best practices, the Secretariat can provide companies Advisory Comments to assist them with ICoC implementation.

The finalization of the certification procedure is a big step forward in ensuring governance and oversight of the ICoC. While the road ahead is still long, with the ICoCA tackling monitoring and reporting procedures as its next task, relative to other industries operating in complex environments, the private security industry is demonstrating that it is willing to actually subject itself to audits and evidence that it is implementing human rights standards.