Tag Archives: ICoC

Continued progress in operationalizing responsible private security: ICoCA holds annual meeting

With a new tagline on its promotional materials, “bringing together industry, civil society and governments to promote responsible private security services and respect for human rights,” the International Code of Conduct Association (ICoCA) held its Annual General Assembly in Geneva last week. Human Analytics, an observer to the ICoCA, attended and as we have done in past years (2015; 2016) wanted to share updates from the meeting with readers of our blog.

Jamie Williamson, the new Executive Director of the ICoCA who now heads the nine-person Secretariat, kicked off the meeting with a review of the past year. Membership in the three pillars of the ICoCA is steady or growing. In the government pillar, seven governments continue to participate. As part of its concerted communication, outreach, and development strategy, the ICoCA is having bilateral conversations and working through international forums, like the Montreux Document Forum, to increase state participation. One welcome development was the European Parliament’s passage of a resolution this year recommending that the European Commission issue guidelines to use ICoCA-certified private security companies (PSCs) for EU contracts and urge member states to use participation in the ICoCA as a consideration in their public procurement decisions. The industry pillar currently has 101 members headquartered in 35 countries. Budget numbers, beyond revealing that the Association is on sound financial footing, indicate that the make-up of the industry pillar may be changing. More recently the strongest increases in membership have come from outside the US and UK, and membership dues from small and medium sized PSCs reflect a growing share of the Association’s revenues. The civil society organization (CSO) pillar also has become more geographically diverse. As a result of the ICoCA’s field-based review mission to Nigeria in August, which also supported the Association’s ongoing efforts to establish and maintain civil society “monitoring networks” in various regions of the world, four new African CSOs applied for ICoCA membership.

If one thing became clear from the meeting, the ICoCA is continuing to systematically operationalize its key procedures – certification, monitoring, and complaints – which enable it to exercise oversight of its member PSCs’ implementation of the International Code of Conduct for Private Security Service Providers (ICoC). With the changing composition of its member PSCs, one ongoing concern has been facilitating the access of small and medium sized PSCs to ICoCA-certification, while at the same time maintaining high standards in line with the ICoC’s human rights and humanitarian law requirements. This is a discussion that continues to occupy the Board and Secretariat, but in the interim an important resolution was passed that would allow for a two-year Transitional Membership beginning in April 2018, thereby allowing PSCs more time to work towards attaining certification while actively participating in the monitoring and complaints processes of the Association. PSCs seeking a transitional status must agree to meet certain substantive and procedural benchmarks, yet to be developed, during that period to evidence their concerted efforts to obtain certification. Currently, ICoCA-certification requires that land-based security providers first evidence a third-party certification to security operations management system standards, either ANSI/ASIS PSC.1 or ISO 18788. Seventeen member PSCs have applied for ICoCA-certification and nine have received it. Discussion at the meeting revolved in part around the costs associated with implementing and auditing to the management standards, and whether they may pose a barrier to ICoCA-certification for some PSCs.

Steps taken to develop the monitoring and complaints functions of the ICoCA in the past year are central to its efforts to evolve its oversight capacities. As noted, a field mission to Nigeria, in which six member PSCs participated, was an important step in further developing the Association’s remote monitoring capacities. It allowed engagement of member PSCs in their operating environments, assisted with the development of SOPs for field-based reviews, and helped to refine performance and compliance indicators. This mission focused in particular on practices of subcontracting, training, and selection and vetting of personnel. The latter has also been the focus of a pilot to develop operationally-oriented questions to facilitate PSCs in meeting their Company Self-Assessment reporting requirements. An on-line platform was created to allow companies to submit this information securely. Developing SOPs for receiving and processing complaints was another key effort this past year. Currently, a guidance for PSCs is being finalized, with the support of DCAF (Geneva Centre for the Democratic Control of Armed Forces), to aid companies in establishing fair and accessible grievance procedures. It is expected to be launched at the end of November.

The at times technical and time-consuming work of developing policies, SOPs, guidance, on-line tools and the like indicate that the ICoCA is maturing and moving into a new phase as a multi-stakeholder initiative. In looking to the year ahead, the ICoCA must ensure that what may be the beginning of a trend becomes institutionalized, namely growing its membership in a way that reflects the global nature of the industry and its impacted populations. To do this effectively the Association will need to continue its concerted strategic outreach program and must recognize the dynamic nature of the industry and ensure that all the relevant stakeholders are brought to the table to include key private sector clients of the industry. Perhaps most essentially, as some member PSCs now have a few years of experience under their belts in implementing the Code, this is an opportune time to share best practices and identify where challenges in meeting human rights requirements remain and opportunities for collaboration, to include with observers and other stakeholders, exist to develop human-rights-based implementation tools.

Tools for Effective and Responsible Contracting of Private Security Services

Private security companies provide services to a range of clients operating in complex and high risk environments. Increasingly state actors, to include international organizations, as well as private actors, such as companies and humanitarian assistance and human rights organizations, utilize private security providers to manage risks to their people, projects, and assets. However, if the wrong private security provider is hired, this could pose its own risks. Fortunately for clients of the private security industry, a number of tools are being developed under the leadership of the Center for the Democratic Control of Armed Forces’ Public Private Partnership Division (DCAF) that can assist with procuring private security providers that not only effectively provide quality services, but also respect human rights throughout their operations.

As noted in a previous blog post, this past July DCAF released a study detailing good practices related to States’ and international organizations’ procurement and contracting of private security services entitled Putting Private Security Regulation Into Practice: Sharing Good Practices on Procurement and Contracting 2015-2016. The study breaks down the five stages of the procurement process and provides examples of best practices for each based on the experience of a number of the Montreux Document supporting states and international organizations. The Montreux Document is the first international declaration to detail international human rights and humanitarian law obligations and good practices for states contracting security services during armed conflict and beyond. (The declaration also addresses home and territorial states as well.) DCAF serves as the Secretariat of the Montreux Document Forum and supports efforts to foster implementation of Montreux Document commitments.

Now DCAF is broadening its efforts and developing contracting guidance for private sector clients of the security industry. Earlier this month DCAF, together with the International Committee of the Red Cross, SociosPeru, and Peace Nexus, released Recommendations for Hiring Private Security Providers. Based on a pilot project with extractive companies and other stakeholders in Peru to support implementation of the Voluntary Principles on Security and Human Rights, the Recommendations detail how a company can carry out due diligence in its engagement with a private security provider from the solicitation, notice, and bidding process through to monitoring, enforcement, and accountability of the provider. The Recommendations offer detailed bullet points on the types of information Requests for Proposal should solicit in bid submissions, such as information about employees, training, equipment, and performance track records. The Recommendations also include suggested criteria for excluding or granting an award, contract provisions, and key performance indicators that can be used to monitor security providers, although these could have been more productively captured as positive goals rather than a list of violations for security providers to avoid. Interestingly, although the Recommendations state that companies should undertake a thorough risk assessment and develop a security plan prior to the bidding process, a similar recommendation is not made to private security providers suggesting that they undertake a human rights impact assessment and develop plans to manage and prevent risks. That being said, one can infer that would occur should a company limit itself to contracting with private security providers certified to security operations management system standards (ANSI/ASIS PSC.1 or ISO 18788) or by the International Code of Conduct Association, all of which require human rights risk assessment.

A second DCAF initiative currently under development is a Contract Guidance Tool which aims to support humanitarian non-governmental organizations, as well as states, international organizations, and other clients with incorporating human rights requirements into their contracts with private security providers. A recent blog post on the European Interagency Security Forum’s website announced the launch of a consultative process to solicit input from clients about their current contracting practices. Humanitarian organizations in particular are requested to fill out a questionnaire on their general contracting frameworks, contract award processes, contractual terms, and contract monitoring and accountability in order to facilitate the creation of the Contract Guidance Tool. This will be an important effort to support since, as of yet, no detailed contracting recommendations for humanitarian organizations exist. Furthermore, it is in the vested interest of the humanitarian community, which increasingly relies on security providers, to ensure that those providers align with their humanitarian missions and respect human rights in their security operations.

ICoCA Opens Pathway to Certification for Private Maritime Security Companies

It is now possible for Private Maritime Security Companies (PMSCs) to receive independent, third party certification to the International Code of Conduct for Private Security Service Providers (ICoC) via the International Code of Conduct Association (ICoCA). On Friday of last week, the multi-stakeholder ICoCA announced the release of a recognition statement for ISO 28007-1: 2015 Ships and marine technology – Guidelines for Private Maritime Security Companies (PMSC) providing privately contracted armed security personnel (PCASP) on board ships (and pro forma contract), ISO 28007 in short.

(Readers of Human Analytics’ Human Rights in Complex Environments blog may remember that we reported in February on the ICoCA’s release of an ISO 28007 draft recognition statement for public comment. The compilation of those comments is available here.)

As with the ICoCA recognition statement for the land-based security standard, ANSI/ASIS PSC.1-2012: Management System for Quality of Private Security Company Operations (PSC.1), the ISO 28007 recognition statement is accompanied by an Annex A analyzing the gaps between ISO 28007 and the ICoC and an Annex B summarizing the additional information, related to the human rights and humanitarian law requirements of the ICoC, that PMSCs must supply to the ICoCA. Unlike PSC.1, which has the ICoC as a normative reference, ISO 28007 did not and the gaps are not insignificant. (Despite some improvements in the human rights content of the ISO 28007 standard as it evolved from a PAS to an ISO guideline.) In addition to the failure of ISO 28007 to include human rights in PMSCs’ risk assessment process, four areas evidence the greatest number of gaps, namely requirements regarding employment policies, incident reporting practices, training programs, and grievance mechanisms.

Beyond this additional information, PMSCs must provide to the ICoCA the scope of their certification to ISO 28000 Specification for security management systems for the supply chain (the ISO standard that is actually auditable by certification bodies and to which ISO 28007 provides additional guidance), any non-conformities identified during the auditing process, corrective action plans, and details on their Human Rights Risk Assessment process. Only certificates lent by certification bodies accredited by recognized national accreditation bodies will be accepted by the ICoCA. Currently MSS Global and Lloyd’s Register Quality Assurance Limited are the only accredited certification bodies to audit to ISO 28000/28007. Both were accredited by the UK Accreditation Service.

Although more information will be forthcoming in terms of how the ICoCA will process certifications, the organization is poised to play an important role in increasing respect for human rights in the private maritime security industry. While the UK Accreditation Service has released guidance for certification bodies auditing to ISO 28000/28007, which clearly states that human rights competence is a must for auditors, this has limited effect in light of the weak human rights provisions in ISO 28007. Auditors can only audit to what is in the standard. Therefore, by gathering this additional human rights related information, the ICoCA can contribute to raising the bar by scrutinizing what human rights due diligence measures PMSCs have in place to identify, prevent, mitigate and account for how they address their adverse human rights impacts.

However, when assessing the information submitted to it by PMSCs, the ICoCA should draw on the expertise of its membership, to include organizations in the civil society pillar, such as Oceans Beyond Piracy/One Earth Future Foundation. As comments submitted by Oceans Beyond Piracy indicate, there are specificities to maritime security provision, to include differences in human rights risks and regulatory environments, that are not well-captured by the ICoC, which was drawn up with land-based security in mind. This is why the ICoC (Article 7) foresaw “the development of additional principles and standards for related services, such as… the provision of maritime security services,” beyond those already in the ICoC. Furthermore, as comments from MSS Global and two ICoCA member companies indicate, the scope of any ISO 28000/28007 certificate will also need to be scrutinized to ensure that it captures operations, beyond the Indian Ocean and High Risk Area, where human rights risks may be equally, if not more so, relevant to any PMSC’s compliance with the ICoC. Should the ICoCA be able to muster such informed scrutiny, and should PMSCs be willing to subject themselves to it, it is foreseeable that there will be an increase in PMSCs respect for human rights.

Certifying Private Security Companies’ Human Rights Performance: Not All Certificates Are Created Alike

http://hrbrief.org/2016/05/certifying-responsible-private-security-companies-assessing-implementation-transparency-disclosure-provisions/
http://hrbrief.org/2016/05/certifying-responsible-private-security-companies-assessing-implementation-transparency-disclosure-provisions/

A growing number of private security companies (PSCs) providing security services overseas to the U.S. Department of Defense (US DoD) and U.S. Department of State (US DoS) are becoming certified by third party auditors as a means of demonstrating their adherence to international human rights and humanitarian law standards. However, newly released research by American University Washington College of Law’s Dean’s Fellow David Sebstead indicates significant inconsistency in PSCs’ adherence to standards based on publicly available information. In his Human Rights Brief article, Certifying Responsible Private Security Companies: Assessing the Implementation of Transparency and Disclosure Provisions, Sebstead found that certification may not be enough to assure clients of PSCs and the public that they are fulfilling their human rights responsibilities.

The increased use of PSCs in the wake of the Iraq and Afghanistan conflicts, and associated concerns about their human rights impacts, led to the emergence of a transnational governance framework comprised of declarations, codes of conduct, and management standards to ensure more effective governance and oversight of PSCs. A central component of this governance framework is the ANSI/ASIS PSC.1 – 2012 Management System for Quality of Private Security Company Operations (ANSI/ASIS PSC.1). A quality assurance and human rights risk management standard, its creation was funded by the US DoD. Currently, the US DoD requires the PSCs it utilizes to demonstrate compliance to it, or a related International Organization for Standardization standard (ISO 18788), which was based on ANSI/ASIS PSC.1. One way of demonstrating compliance is for a PSC to hire a certification body to audit its conformance to PSC.1, for which it receives a certificate.

Similarly, the US DoS requires its overseas security contractors also to demonstrate compliance with ANSI/ASIS PSC.1, and to be a member in good standing of the International Code of Conduct Association (ICoCA). The ICoCA is a multi-stakeholder initiative, comprised of governments, PSCs, and civil society organization and headquartered in Geneva, which assures that its member PSCs adhere to the International Code of Conduct for Private Security Service Providers (ICoC). The ICoC details international human rights and humanitarian law responsibilities of PSCs operating in complex environments. The ICoCA certifies its member PSCs, and currently the only route to certification is by evidencing certification to ANSI/ASIS PSC.1 by an accredited certification body in addition to providing human rights information in particular related to the PSC’s human rights risk assessment process.

Examining 13 PSCs that have received ANSI/ASIS PSC.1 certification, Sebstead found fairly significant discrepancies in their conformance to the management standard. He rated the 13 PSCs on their demonstrable conformance to four requirements of ANSI/ASIS PSC.1 which would necessitate that PSCs share publicly information about their adherence to the standard. These included the scope of their certification, which indicates the parts of the PSC’s operations that were actually audited by a certification body; their statement of conformance, the public commitment by management to respect applicable national and local laws and human rights; the availability of a grievance mechanism, which allows third parties to submit complaints to companies when they do not meet their human rights commitments; and the communication of their human rights risk assessment process.

Aggregating these four public facing components of demonstrable conformance to ANSI/ASIS PSC.1, Sebstead created an overall score of effective implementation of these components for the 13 PSCs ranging from poor (0) to very good (3). No PSC received a perfect score, but in the top three places were Garda World Consulting at number one, Aegis Defense Services and Britam Defence tied for second place, and Edinburgh International and Oliver Group tied for third place.

Disaggregating the data for a moment, what does this information tell us? Regarding the certificate scope, six of the 13 PSCs simply posted their certificates to their websites. Yet many did not provide enough information to determine the extent of their certification. In other words, some large, multinational PSCs lay claim to a PSC.1 certification, but do not share publicly exactly which parts of their operations have actually been subjected to a third party audit. Nine out of 13 companies scored well on their statements of conformance, although surprisingly a few were weak on making explicit their commitment to respect human rights. PSCs were also inconsistent in terms of the quality of their grievance mechanisms, with only six out of 13 actually providing a detailed procedure explaining to those who submit complaints the process for addressing those complaints.

Finally, the most important means for a PSC to address its human rights impacts is to first undertake a human rights risk assessment process to identify its potential and actual impacts. However, only seven of 13 PSCs made any mention of having any type of human rights risk assessment process in place. While this does not preclude the possibility that they may actually be assessing human rights risks related to their operations, it would seem important to demonstrate publicly that they take their human rights due diligence responsibilities seriously.

As Sebstead rightfully points out, “embedding a commitment to respect human rights in management systems is an important first step, but adequately identifying and mitigating actual human rights impacts on the ground in host states where PSCs operate is essential.” The “black box” of certification needs to be opened up to better understand what types of methodologies and metrics are being used by certification bodies when they seek evidence of conformance to the human rights components of ANSI/ASIS PSC.1. Here the ICoCA can play a greater role as it can request information from its member PSCs about their certifications. Clearly, the ICoCA is already moving in this direction by requiring additional human rights related information from PSCs with an ANSI/ASIS PSC.1 certificate. But it would help strengthen the robustness of the system if not only there were more assurances about the consistency of the quality of ANSI/ASIS PSC.1 certificates, but also more transparency in terms of both the embedding of human rights commitments into policies and processes and the outcomes of those commitments on actual respect for human rights.

 

New Report on Implementing the UN Guiding Principles in the Maritime Sector

HRs at Sea coverThe Human Rights at Sea initiative has released a new report, An Introduction and Commentary to the 2011 UN Guiding Principles on Business and Human Rights and their Implementation in the Maritime Environment. The report provides a simple introduction to the UN Guiding Principles (UN GPs), makes the business case for companies in the maritime sector to implement their responsibility to respect human rights and warns of the commercial, legal, reputational, and operational risks of not doing so, and provides some examples of human rights abuses associated with the maritime sector. The report also discusses the uptake of the UN GPs through the development of National Actions Plans, such as that of the UK government, and their incorporation into various soft law instruments.

All of these issues have been addressed in more depth in other publications. But as Business and Human Rights Resource Center’s Executive Director Phil Bloomer suggests in the foreword, what makes this report stand out is that it is the first effort to launch a more comprehensive discussion in the maritime sector about its human rights responsibilities and how to meet them. This discussion has been happening in bits and pieces and mostly in response to reports of severe abuses.

For example, the New York Time series, The Outlaw Ocean, drew attention to lawlessness on the high seas and in particular the impunity for gross human rights abuses such as the use of forced and slave labor in the fishing industry. In February, President Obama signed a law closing a loophole in the 1930 Tariff Act that allowed the importation of goods made with slave labor, to include seafood caught using forced labor in south-east Asia.

As noted in a previous blog, concerns about the use of private armed security personnel on board ships in response to piracy threats resulted in the development of an ISO standard (ISO 28007-1: 2015), which explicitly references the UN GPs in the introduction and requires that companies develop human rights policies. Maritime security providers certified to ISO 28007-1 will soon have the opportunity to solicit certification to the International Code of Conduct for Private Security Service Providers (ICoC) if they provide some additional information on their human rights due diligence efforts, as foreseen in the draft recognition statement released by the ICoC Association.

Recently Maersk Group released its 2015 Sustainability Report detailing how it had undertaken a human rights due diligence process based on the UN GPs for all the business activities of the Group, thereby becoming the first large shipping line to undertake such a process. Although, as pointed out in the Human Rights at Sea report, Maersk is still plagued by human rights issues, such as using ship breaking facilities in India with a record of labor rights abuses.

The maritime environment as defined in the report is complex and encompasses multiple business actors, including those designing and manufacturing ships, operating shipping, cruise, and fishing fleets, brokerage services, ship yards, dry-docks, port construction, freight-forwarding, insurance, seafarer recruitment, and maritime security services. Most businesses in the maritime sector have not begun to consider the significance of the UN GPs or recognized their responsibility to respect human rights in their own business activities and throughout their supply chains. Hopefully, the Human Rights at Sea report will contribute to furthering that discussion throughout the sector.

ICoCA Releases Draft Statement Recognizing Private Maritime Security Companies Standard

The International Code of Conduct Association (ICoCA) has announced the release of a draft recognition statement in accordance with its certification procedure for ISO 28007-1: 2015 Ships and marine technology – Guidelines for Private Maritime Security Companies (PMSC) providing privately contracted armed security personnel (PCASP) on board ships (and pro forma contract) – or ISO 28007 in short. What is the significance? PMSCs that are members of the ICoCA now have a chance to become ICoCA certified. They will need to evidence their certification by an accredited certification body to ISO 28000 Specification for security management systems for the supply chain, using the additional guidance provided in ISO 28007, as well as provide some additional human rights related information derived from the International Code of Conduct for Private Security Service Providers (ICoC).

As noted in a blog post Human Analytics wrote after the release of ISO 28007 last year, New ISO Standard for Private Maritime Security Companies Reflects Some Progress on Human Rights, the new standard contains some improvements relative to the previous ISO/PAS 28007 (PAS = Publicly Available Specification), which was nearly devoid of any reference to the corporate responsibility to respect human rights. One marked improvement is the insertion of a reference to the UN Guiding Principles on Business and Human Rights (UN GPs) in the introduction, as well as the need for an explicit human rights policy. But the blog also noted that there remain a number of human rights shortcomings in ISO 28007, certainly relative to the expectations of companies laid out in the UN GPs, including the need to undertake a human rights due diligence process, prioritize human rights risks identified though a risk assessment process based on their scope and severity, and remediate negative human rights impacts.

The gaps between the human rights and humanitarian law principles of the ICoC and the requirements and guidelines of the ISO 28000/ ISO 28007 are evidenced in the rather extensive additional human rights related information requirements for ICoCA certification detailed in Annex B to the draft recognition statement. In addition to the failure of ISO 28007 to include human rights in the company’s risk assessment process, four areas evidence the greatest number of gaps, namely requirements regarding employment policies, reporting practices, training programs, and grievance mechanisms. Among some of the key gaps are failures to require an anti-discriminatory employment policy; ensure that passports, travel documents, and identification materials of personnel are only held as long as reasonably necessary; ensure that all employment documents are in writing and in a language understood by personnel; include relevant international and human rights law provisions in reporting requirements; require training on international human rights law; and ensure that grievance mechanisms are publicly available and operate in a fair, prompt, impartial, and confidential fashion. Annex B contains a complete list of gaps.

Topics not mentioned in Annex B, where the ICoCA may want to push for additional information are:

1) ensuring that, in line with the UN GPs, when PMSCs evaluate and prioritize risk controls, management, mitigation, and treatments that they prioritize addressing human rights risks based on their scope and severity;

2) including indications of prior involvement in human rights violations, which in some countries may not be captured in criminal background checks, employment histories, and military and law enforcement service records, in the selection and vetting criteria for personnel and subcontractors, as required in ICoC paragraphs 48 and 51;

3) evidencing that personnel receive mandatory training in reporting requirements related to the types of crimes and human rights violations laid out in ICoC paragraph 22; and

4) ensuring that grievance mechanisms offer effective remedies to victims of negative human rights impacts as foreseen in ICoC paragraph 67 a). The remediation of harms caused by PMSCs’ activities is not addressed anywhere in ISO 28007.

While certainly an opportunity for PMSCs to improve their human rights performance, it will be interesting to see how many of them actually seek ICoCA certification. While nearly half of the original ICoC signatories were PMSCs, at this point many no longer exist – having closed shop after the decline in piracy off the coast of Somalia – or chose not to become transitional members of the ICoCA once it was formed in late 2013. ICoC paragraph 7 foresaw “the development of additional principles and standards for related services, such as… the provision of maritime security services.” The review of ISO 28007 was carried out based on a comparison to the ICoC’s current provisions, and not after consideration of developments in the maritime security industry which may require additional principles and standards to capture the unique nature of the industry’s security operations and human rights impacts. Furthermore, the development of additional principles by the ICoCA for the provision of maritime security was to happen after the establishment of “objective and measurable standards for providing Security Services based upon this Code” and the development of “external independent mechanisms for effective governance and oversight” (to include certification, auditing, monitoring, reporting, and grievance procedures). It is interesting that the ICoCA chose to prioritize reviewing ISO 28007 as a pathway to ICoCA certification ahead of reviewing ISO 18788 (the new ISO standard for private security operations based on the ICoCA recognized ANSI/ASIS PSC.1) and ahead of completing the development of key procedures, such as monitoring and grievance procedures. What remains unclear is whether PMSCs will seek ICoCA certification, or if their clients will require it, without the ICoCA having finalized all of its procedures.

Two developments in the maritime industry, however, do bode well. First, ISO 28007 no longer contains a note that appeared in the previous ISO/PAS 28007, which stated that the International Maritime Organization does not view the ICoC as “directly applicable to the peculiarities of deploying armed guards at sea to protect against piracy since it is written in the context of self-regulation for land companies only.” The ICoC is now referenced in the bibliography. Second, Maersk Group, which includes one of the world’s largest shipping lines, announced in its recent 2015 Sustainability Report that it had undertaken a human rights due diligence process based on the UN GPs for all the business activities of the Group. One area identified as a priority human rights issue for 2016-2017 is the use of security services. The imminent recognition of ISO 28007 provides an opportunity for the ICoCA to lobby the shipping industry and other clients of PMSCs, as well as flag, coastal, and port states, to require that PMSCs adhere to the principles of the ICoC. To be impactful on the larger security industry, the ICoCA must foster compliance with the ICoC principles by all security providers, whether maritime or land-based and whether employed by private or public sector clients.

New Report Provides an Insider Perspective on the International Code of Conduct Process

DCAF Report coverA new report, Towards an International Code of Conduct for Private Security Providers: A View from Inside a Multistakeholder Process, by Anne-Marie Buzatu of the Geneva Centre for the Democratic Control of Armed Forces (DCAF) provides a first-hand account of the process that led to the development of the International Code of Conduct for Private Security Service Providers (ICoC) and its accompanying governance and oversight mechanism, the ICoC Association (ICoCA). Ms. Buzatu representing DCAF, along with members of the Swiss Government and the Geneva Academy of International Humanitarian Law and Human Rights, formed the team of “neutral facilitators” that shepherded into existence this landmark multi-stakeholder initiative. Attaining consensus among stakeholders from private security companies, governments, civil society organizations, and other interested parties consulted during the process was no easy task. As Ms. Buzatu rightfully points out, the neutral facilitators in this case did everything to make that possible, from logistical project management and drafting of texts to building trust and mediating disputes among stakeholders.

The report covers a lot of historical ground. It begins by describing the circumstances at the time that gave impetus to the ICoC effort. In particular, in the wake of the wars in Iraq and Afghanistan and the accompanying rapid increase in the use of PSCs, it became clear that there were governance gaps at both the national and international levels that had to be addressed to ensure effective oversight and accountability for private actors with the potential to use force. There was also a growing recognition that PSCs operating globally in complex environments raised complicated jurisdictional issues, which no one state could address on its own. New forms of innovative governance at the cross-sections of the national and international and public and private would be required. Hence the emergence of the ICoC/ICoCA as exemplars of “co-regulation” i.e. regulatory approaches that bring together public and private actors and “combine the advantages of an international-level multistakeholder governance model with the force of statutory and/or contractual obligations.” By embedding adherence to the ICoC and membership in the ICoCA into the contracting requirements of some states and international organizations, this multi-stakeholder initiative is in the process of setting historical precedent in terms of “hardening soft law.”

However, the origins of the ICoC/ICoCA in response to the Iraq and Afghanistan wars and the ICoCA’s current inclusion of only state clients of PSCs, makes one wonder to what extent this may be an example of “regulating the last war,” to quote Sarah Percy. While insurers and private sector clients of the private security industry, particularly extractive companies, participated in some of the initial consultations on the ICoC and the charter of the ICoCA, in later stages Ms. Buzatu notes they took a “wait and see” approach. Fortunately, efforts are underway to solicit extractive companies buy-in, and the viability and more global applicability of the ICoC will depend on bringing in private sector clients of the private security industry.

Even without private sector clients on board, the ICoC/ICoCA process stands out among other examples of co-regulation for its transparency and multi-stakeholder, consensus-based decision-making. No doubt this was part of the recipe for success as each stakeholder pillar brings to the table different types of expertise and leverage to ensure that the provision of private security also facilitates general human security. PSCs have ground-truth and can best explain how to incorporate international human rights standards into their operations. Governments can give effect to international standards by incorporating them into international and national laws, regulations, and procurement requirements. Finally, civil society can provide insight into how security services are impacting on local populations and serve in a watch dog capacity. A section of the report on “Good Practices and Lessons Learned” cites trust among stakeholders, equally weighted participation, consensus-based decision-making, and transparency as key factors for successful co-regulation; sage advice for other co-regulatory initiatives underway that have at times found themselves struggling with differences among stakeholders. From this perspective, the Voluntary Principles on Security and Human Rights come to mind.

From an insider point of view, it would have been useful to hear more not just about what happened – from the Montreux Document to the ICoC, to the Temporary Steering Committee that drafted the charter for the ICoCA, and now the efforts of the ICoCA to develop procedures for certification, monitoring, and grievance mechanisms – but also how certain compromise positions were reached and why stakeholders took the positions they did.

That being said, one section of the report goes into greater depth detailing the process behind and provisions of the ICoC, which went through three versions before being finalized in 2010. The reader is able to trace from that section key provisions that developed over time, such as the applicability of the Code to complex environments; the need for a multi-stakeholder approach, rather than an industry-led process; the ability to agree about the value of an accompanying International Governance and Oversight Mechanism, but not about its specific contours; and the importance of embedding Code standards into procurement practices.

Another section on the drafting of the charter, later called the ICoCA Articles of Association, which was about two years in the making, also gives a good sense of the extensive, consultative drafting process undertaken by the multi-stakeholder Technical Steering Committee, as well as points of disagreement that had to be addressed and the consensus that was attained. Significantly, the very detailed initial draft of the charter was significantly pared down, leaving it to the ICoCA to develop the specifics of the certification, monitoring, and grievance procedures. During negotiations of the charter, differences in views about membership in the civil society pillar resulted in detailed membership criteria being finalized by the pillar after the launch of the ICoCA. Views also differed on the broad outline of the grievance procedure. In the end, with the exception of an arbitration function, nearly all proposed functions of the grievance procedure – advisory, referral, mediation, special audit, fact-finding, and gatekeeping functions – found their way to some degree or another into the charter.

However, what is not addressed in depth, and indeed shaped the how and why of much of these negotiated outcomes from the ICoC onwards, was the completion of the Department of Defense funded ANSI/ASIS PSC.1 management system standard for private security operations in 2012. The DoD, PSCs, and other interested parties supporting the development of PSC.1 saw it as an operationalization of the ICoC’s principles, as called for in ICoC Paragraph 7 which speaks to the need for “objective and measurable standards for providing Security Services based upon this Code.” Furthermore, once PSC.1 was completed and a pilot project was underway to accredit the first certification bodies and certify the first PSCs, this shaped negotiations on the certification function laid out in the charter of the ICoCA. The Articles of Association Paragraph 11.2.1 state that the ICoCA Board “shall define the certification requirements based on national and international standards and processes that are recognized as consistent with the Code,” and 11.2.4 states that the certification process shall not be “duplicative of certification under Board-recognized national and international standards.” Indeed, certification to PSC.1, along with some additional human rights relevant information, such as the human rights risk and impact assessment methodology used by a PSC, is now the first officially recognized route to ICoCA certification. Yet the relationship between those certification requirements, the field auditing requirements of PSC.1, and the ICoCA monitoring procedure currently under development is still an open matter of discussion.

Is re-hashing these discussions about the relationship between these two co-regulatory efforts a matter of opening old wounds? Not at all. This detailed history of the origins of the ICoC/ICoCA, together with an understanding of the differing views of stakeholders and how those differences were overcome to reach negotiated agreements, is essential background knowledge that amounts to something akin to “founders’ intent.” First, as new members join the ICoCA and new interested parties follow its further development, this history allows them to better grasp the significant strides that were made to get things to where they are today. Revisiting old disputes, or at least not understanding the origins of certain comprises, can hinder forward progress. Second, as ICoCA Board committees move forward with the work of assessing other international and national standards, developing monitoring and performance assessment procedures, and creating a grievance mechanism, it helps to remember the shared vision that drives the overall effort and the consensus that has already been attained. True multi-stakeholder initiatives by their very nature move at a slow pace. But the progress to date with the ICoC/ICoCA, in particular in terms of the commitments the industry has made to establishing an assurance framework with teeth, and the time in which this was achieved, are truly exceptional compared to other co-regulatory efforts. The historical insights offered in this report provide useful foundations for continuing to chart the way forward and increasing the uptake of international human rights standards by the private security industry on a global scale.

Second Edition of Briefing Paper “Private Security Standards”

Security standards jpeg

The Human Analytics team is pleased to offer an updated briefing paper comparing and contrasting standards for the provision of private security services. This is the second edition of the briefing paper, “Standards for Private Security Services,” and it contains additional information related to the recently released ISO 18788: 2015 Management System for Private Security Company Operations. The paper also examines three other standards – the Voluntary Principles on Security and Human Rights, the International Code of Conduct for Private Security Service Providers, and ANSI/ASIS PSC.1-2010 Management System for Quality of Private Security Company Operations. Among the issues discussed are the origins of the standards, their relationship to each other, implementation efforts, and recent developments. A chart compares all four standards in terms of their content, scope, assurance mechanisms, and governance. The briefing paper can be downloaded for free here, and is a useful resource for understanding the evolving standards landscape for private security services.

The Viability of Multi-stakeholder PSC Regulation

Individuals that follow the regulation of Private Security Companies (PSCs) will be particularly interested in Dr. Sorcha MacLeod’s recently published article, Private Security Companies and Shared Responsibility: The Turn to Multistakeholder Standard-Setting and Monitoring through Self-Regulation-‘Plus’.

MacLeod focuses on both the merits and questions concerning recent international multi-stakeholder initiatives related to PSC standards, certification, and oversight, specifically the Montreux Document, the International Code of Conduct for Private Security Providers (ICoC), the  International Code of Conduct Association (ICoCA), and ANSI/ASIS PSC.1-2012 Management System for Quality of Private Security Company Operations  (PSC.1), deliberately walking through each of these efforts and the intended role and interrelated nature of each.

Taken together she deems these multi-stakeholder processes for regulation of PSCs the “self-regulation-plus” approach because of the involvement of not only industry, but also states and civil society organizations.  However, MacLeod concludes, among other points, that this approach “is not the definitive solution.” In the end she feels that unless several cited issues with the current approach are adequately addressed “the likely effectiveness of the ICoC and ICoCA human rights model as applied through a standard such as PSC.1” remains an open question.

It is in the interest of all – the PSC industry itself, as well as the states, commercial enterprises, and NGOs that utilize PSCs – to have effective and universally accepted standards, certification, and oversight frameworks. MacLeod’s stated significant concerns (listed below with comments) with the new PSC regulatory mechanisms should be reviewed carefully and taken into consideration by each of the three member pillars of the ICoCA (states, industry, civil society) as well as by the commercial and NGO entities that utilize PSCs. The latter are not well represented in the state-client focused ICoCA.

State involvement and support. The ICoCA oversight mechanism must be perceived as strong and functional. In the United States, conformance with the PSC.1 standard is now required by the Department of Defense for all contracted private armed security overseas and the Department of State has recently stipulated in its largest protective services solicitation that each bidder must confirm compliance with the requirements set forth in PSC.1 (as well as demonstrate that it is a member in good standing with the ICoCA).  In the United Kingdom, the Foreign Commonwealth Office has stipulated PSC.1 compliance for overseas contracted security services. MacLeod questions how the ICoCA, with its focus to the state clients of PSCs, can be extended to the other commercial and NGO clients of PSCs.

Ability to deal with non-certified and rogue PSCs. Furthermore, MacLeod queries how the ICoCA can contend with non-certified PSCs. She makes the case for states to weigh in to encourage PSC clients in the NGO and commercial sectors to use only ICoC compliant PSCs.

Scope of the certification. MacLeod recommends that clients of certified PSCs know the scope of their PSC’s certification. Is the company globally certified to the PSC.1 standard or is the scope of the certification limited to a specific operating unit or geography?

Auditor competence. MacLeod stresses that certifying auditors must be competent in human rights. The human rights elements in PSC.1 are significant and require the use of auditors with suitable expertise. Additionally, it can also be argued that it is essential that PSCs draw upon human rights expertise themselves if they are to fully and adequately develop, implement, and sustain the human rights components of the PSC.1 standard. Failing to sufficiently develop, implement, and sustain the human rights risk management provisions of the PSC.1 will be corrosive to the credibility of the PSC’s certification as well as a significant undermining factor in demonstrating their responsibility to respect human rights and prevent adverse impacts.

Human Rights Impact Assessments. MacLeod highlights the current lack of clarity on how a PSC should assess human rights risk and impacts and what tools they should use to do so. She is spot on here. While PSC.1 does not explicitly require PSCs to conduct human rights risk and impact assessment (HRRIA), human rights is a specified component of the risk assessment process. As part of the risk assessment process, PSCs have the opportunity to conduct an HRRIA to identify specific human rights risk exposure and develop the processes to address each risk. PSC.1 also requires the establishment of a complaint and grievance mechanisms with external stakeholders. An effective HRRIA conducted with the cooperation and involvement of the local impacted community can greatly facilitate this process. HRRIAs are an imperative part of the overall risk assessment process and should be conducted as part of every pre-deployment survey or advance party at the tactical and operational level. Like security, human rights risk mitigation is most effective when it is developed and integrated at the initial project planning stage and not implemented as a “bolt on” or reactionary activity.

Client awareness, education and training. This certainly requires a greater awareness effort and MacLeod rightfully argues that the effectiveness of PSC.1 certification will be dependent upon the extent to which all clients, government, commercial, and civil society, understand the certification process. The ICoCA, with its multi-stakeholder three-pillar approach, can, and undoubtedly will, be instrumental in this regard.

By identifying areas of perceived potential weakness with the multi-stakeholder process as it currently now stands, MacLeod goes a long way in spotlighting the specific areas that must be addressed in the short term if a credible and viable “self-regulation-plus” PSC industry regulatory mechanism is to continue for the long term.

 

Register Now – Managing Human Rights Risks in Complex Environments – April 9 (Washington, D.C.)

Sponsored by the International Stability Operations Association (ISOA)

Co-sponsored by Fund for Peace/Facilitated by Human Analytics

MANAGING HUMAN RIGHTS RISKS IN COMPLEX ENVIRONMENTS

ISOA Members are leaders in the stability operations industry. They provide vital services in complex environments around the world. Their activities support peace building, stabilization and reconstruction efforts, security sector reform, humanitarian aid and disaster relief operations, and long-term development projects.

However, the fragile nature of the operating environments in which these services are provided pose potential risks to service providers and their public and private sector clients. In particular, the management of human rights related risks has been the focal point of various international initiatives to set standards applicable to service providers and their clients.

Beyond standards specific to particular sectors, such as private security, oil, gas, and mining, and humanitarian assistance, the UN has developed a broader framework – the UN Guiding Principles on Business and Human Rights – to assist all business enterprises, in partnership with governments, with ensuring respect for human rights.

This one-day forum will provide updates on a number of standard setting initiatives to address risks associated with operating in complex environments. Case studies will explore how various organizations have converted principles into management practice. Private sector clients will discuss the incorporation of standards into contracts, and U.S. government officials will offer insights into recent policy and procurement related developments. Legal, management consulting, and auditing experts will offer perspectives on standards compliance.

Thursday, April 9, 2015

9:00am – 5:30pm

LOCATION:

Hosted by the law offices of Foley Hoag – 1717 K. St, NW, Washington, D.C.

TO REGISTER:

http://www.stability-operations.org/events/event_details.asp?id=617493

(Open to the public and no cost to attend. Space is limited.)

AGENDA:

9:00am-9:10am                 Welcoming remarks                      

Ado Machida, President, International Stability Operations Association

Gare Smith, Partner, Foley Hoag Corporate Social Responsibility Practice

9:10am-9:30am                 Keynote address: The business case for managing human rights related risks

Representative from Unilever, TBD

9:30am-10:45am               Governments as clients: Key human rights concerns from the perspective of state actors

Moderator: Doug Brooks, President Emeritus, International Stability Operations Association

Jason Pielemeier, Special Advisor & Team Lead, Internet Freedom, Business, and Human Rights, U.S. Department of State

Christopher Mayer, Program Support, Acquisition, Technology and Logistics, U.S. Department of Defense

Donald “Larry” Sampler, Assistant to the Administrator, USAID

Representative from British Embassy, TBD

10:45am-11:15am            Coffee break

11:15am-12:30pm            Recent developments in standards for complex environments

Moderator: Dr. Rebecca DeWinter-Schmitt, Senior Managing Director, Human Analytics

The Voluntary Principles for Security and Human Rights

J.J. Messner, Executive Director, Fund for Peace

International Code of Conduct Association

Chuck Tucker, Executive Director, World Engagement Institute and Board Member ICoCA

ANSI/ASIS PSC.1 Management System for Quality of Private Security Company Operations and the Draft International Standard 18788 Management System for Private Security Operations

Dr. Marc Siegel, Commissioner, ASIS Global Standards Initiative

Standards in the Humanitarian Space

Laky Pissalidis, Security Director, InterAction

Trevor Hughes, Director of Risk Management & Global Security, International Relief & Development; Board Member, International NGO Security and Safety Association

12:30pm-1:30pm              Lunch

1:30pm-2:45pm Ensuring the implementation of standards

Moderator: Dr. Ian Ralby, Founder and Executive Director, I.R. Consilium

Legal considerations

Gare Smith, Partner, Foley Hoag Corporate Social Responsibility Practice

Implementing management system standards

Lisa DuBrock, Managing Partner, Radian Compliance

Third party certification

Tony Chattin, Director, MSS Global

2:45pm-3:15pm Coffee break

3:15pm-4:30pm Due diligence in the field: Case studies of standards implementation

Moderator: Clements Worldwide, TBD

Erik Quist, Vice President and General Counsel, Sterling Global Operations (invited)

Nick Welch, Director International Relations, Noble Energy (invited)

Dr. Kateri Carmola, Director, Carmola Consulting Group

Rafael Khusnutdinov, Director Global Safety and Security, Save the Children

4:30pm                                 Reception

Association for oversight of private security companies holds meeting to share successes and plan the road ahead

logo-smallThe International Code of Conduct Association (ICoCA) held its Annual General Assembly meeting in London last week. The ICoCA was established last year to provide oversight and ensure implementation of the human rights and humanitarian law commitments laid out in the International Code of Conduct for Private Security Services Providers (ICoC). The gathering brought together members from the multi-stakeholder organization’s three pillars – private security companies, governments, and civil society organizations – as well as independent observers. Human Analytics is a member of the observer pillar. The cross-section of leading security companies and industry stakeholders came together to learn about the ICoCA’s activities in the past year, objectives for the coming year, and progress made in developing key procedures essential for effective oversight and accountability, namely certification, reporting, and monitoring.

Much has been accomplished since the launch of the ICoCA. Executive Director Andy Orsmond recounted the many steps taken to put the ICoCA on a sound organizational footing, such as setting up the Secretariat in Geneva, establishing Board election procedures, which allowed for the election of a new Board chair and two new Board members, the development of membership requirements and an application process, and creating infrastructure and an information security policy. The latter is particularly important to member companies, who must include detailed information about their operations in their applications, and will soon be requested to share additional information as part of the regular reporting requirements, which are still being developed. Those companies want to know that their information is being preserved in a confidential and secure fashion.

Looking to next year, from the basis of a strong financial footing, the ICoCA has laid out ambitious objectives for itself. One of the top priorities is to complete development of the certification process, to include voting on certification procedures and the creation of a framework to assess various national and international standards to which security companies are currently being certified. PSC.1, shorthand for ANSI/ASIS PSC.1-2012: Management System for Quality of Private Security Company Operations, is the first national standard to be evaluated against the requirements of the ICoC. A maritime security standard, ISO/PAS 28007, is next in line. Recognizing that attaining certification is a phased process, the ICoCA will develop a means for companies to transition into full certification.

In addition to tackling certification procedures, the Board has set up a working group that is currently in the process of developing reporting criteria and monitoring protocols. As the ICoCA seeks to grow its membership and the observer pillar in the coming year to include reaching out to other industry stakeholders, including non-state clients, potential new members and supporters will no doubt be interested in understanding what certification, reporting, monitoring, and grievance procedures look like in practice. The intense discussion among attendees about evolving concept papers on these various procedures leaves no doubt that developing these procedures will require extensive negotiations and consultations. However, listening to the Secretariat staff and Board members, it is clear that they are forging common ground. It is to the credit of the ICoCA that it is carrying out these discussions in an open and transparent fashion.

Multi-stakeholder consensus building is never an easy process, but what comes out at the end will likely have greater legitimacy and credibility. As UN Business and Human Rights Working Group member Alexandra Guaqueta said in Geneva at the UN Forum the day before the Annual General Assembly, the ICoCA reflects a “new generation” of multi-stakeholder initiatives. She described it as being exemplary for its consultative nature, the solid technical work it is based on, its strong governance structure with greater accountability mechanisms, its solid membership with willing first movers, the high level of industry participation, and a built in incentive structure, with participating governments building adherence to the ICoC into procurement processes.

However, as other participants remarked, to move forward each pillar must be prepared to give a little and not allow the perfect to be the enemy of the good. The ICoCA will always be a work in progress.