S2E2 – In this episode, we welcome Rémy Friedmann, Senior Advisor at the desk for human security and business in the Human Security Division of the Swiss Federal Department of Foreign Affairs. Former Chair of the Board of Directors of ICoCA, Rémy will tell us about the process of creation of the ICoCA, as well as the Swiss government’s role in the promotion of responsible security practices.
Hello, I’m Chris Galvin. Welcome to today’s podcast. This year, we’re celebrating ICoCA’s 10th anniversary. And so in this third season, we’re going to step back in time to investigate the origins of ICoCA and explore the journey over the last decade. To get us started, I’m excited to introduce Rémy Friedmann, senior advisor for Human Security and business at the Swiss Federal Department of Foreign Affairs. Rémy, you served as ICoCA’s first chair of the Board of Directors between 2014 and 2019. So, I want to extend a warm welcome back to you. It’s great to have you with us, can you start by telling us a little bit about your own background and how you came to work on the topic of increasing regulation around the security sector?
Many thanks, Chris, and thank you for giving me the opportunity to have this exchange and talk about the contribution that ICoCA has made to the responsible provision of private security. As for my own background, I started working on this topic back in 2011 when I became a senior advisor on human security and business and human Rights at the Peace and Human Rights Division of the Swiss Federal Department of Foreign Affairs. I have a background working in the humanitarian field, working for the ICRC, on the field, working with the High Commissioner for Human Rights and for the Swiss Foreign Ministry, as well as for the European Union on Crisis Response and Peacebuilding. My approach to the International Code of Conduct for Private Security services goes back to before the establishment of ICoCA. As I said, I joined in 2011. The current position that I have and back then we were in the process of negotiating what was then called the governance and oversight mechanism of the Code of Conduct for private security service providers. There was a temporary steering committee, a multi-stakeholder one, composed of representatives of civil society, government, and private security companies that were discussing how to establish the functions of a governance and oversight mechanism and the governance itself of what was a voluntary code. That was the process of a negotiation between the different stakeholders until 2010. So back in 2011, when I joined this process, there were ongoing discussions between the three pillars: civil society, private security companies, and governments on the establishment of governance and oversight mechanisms of the Code of Conduct.
There was a new element in this process, and it was a priority for the Swiss government really to work on so-called smart, multi-stakeholder initiatives. The Code of Conduct was such an initiative in the sense that it was a voluntary code. But once you adhere to the Code, once you signed up to a code, you were signing also up to the establishment of a mechanism that would ensure that you would comply with these voluntary commitments. So there were, of course, different interests coming from civil society, private security companies, and governments, and it took quite some time to come up with the finalization of what was then the status of this oversight and governance mechanism that became ICoCA, the International Code of Conduct Association. So everything took some time to balance the different interests, but it was really for the Swiss government, an important process, an important initiative because we had just gone through the adoption of the UN guiding principles on business human rights that were also the result of a multi-stakeholder engagement dialogue. They were adopted at the Human Rights Council in June 2011, and with the Protect, Respect, and Remedy framework, we had truly a framework for these new initiatives, these multi-stakeholder initiatives, a smart one as I said. The very interesting point here was that the Code of conduct had already been established on the basis of this framework. The UN guiding principles had not yet been adopted formally, but in 2010, when the negotiation of the Code had been finalized, we already had a Protect, Respect, and Remedy framework. So governments have the duty to protect human rights, including with respect to possible human rights abuses by third parties, including the private sector. Companies have the responsibility to respect human rights and the possible victims of those who may be affected by economic activities, have the right to access credible and effective remedy mechanisms. So we already had this framework and we had a very strong basis for negotiating the establishment of the governance and oversight mechanism that became the International Code of Conduct Association. So with this framework, we had to establish a grievance mechanism, we had to establish a monitoring mechanism to follow up on the implementation of the Code, and a mechanism to certify that companies had the processes and policies in place to respect the provisions of the Code. We really had a verification mechanism of a voluntary commitment. So once you have this mechanism, it’s not that voluntary anymore. You sign up for the Code, but then you have to submit yourself to the verification mechanism.
What was interesting was that initially, you had a number of companies that you were dealing with. You probably had a different landscape from now in terms of the challenges, in terms of the size of the companies. So you had hundreds of companies that had signed the Code, but once ICoCA was established, after the statuses of the associations were negotiated in 2013, after the launch of the association in 2013, well, we had to look at how many companies would actually live up to their commitments by really adhering to the association and not only contenting themselves with simply signing the Code of Conduct. So we had to go through a process where a number of companies had to be asked whether they would adhere, and if not, we would have to tell them, Well, you cannot claim that you are a signatory. That doesn’t mean anything. You need to be a member of the association. We had to do some qualitative control to look at whether any companies were still claiming or putting the logo of ICoCA on the website, etc. In order to avoid that, we would have any free riders on the Code of Conduct. So we had this initial challenge. We also had the challenge to get more governments on board through the negotiation of the statuses of the charter, what we call the association. We came up with an interesting idea, which was to establish a Montreux document forum whereby governments that were not necessarily yet ready to fully adhere to the association, would be ready to engage with the association in order to discuss elements related to the implementation of the Montreux document.
So as you know, the Montreux document is the basis of the Code of Conduct. The Montreux document establishes duties for governments when they contract when they are hosts, or home governments, or private security companies in situations of conflict. The Montreux document, as you know, was established by the ICRC, and was the result of a process where ICRC was very much active in terms of upholding international humanitarian law. And so it was out really of a humanitarian tradition of Switzerland to launch this process and follow up on it. So the particular interest for Switzerland there was, we were at the juncture where you had humanitarian considerations, but you had the business human rights world that was really growing, establishing a framework. And the idea of a code of conduct stemmed really out of this realization that companies had to make a commitment. They had to be made aware that they had a responsibility to respect human rights. And by establishing a code of conduct, it would have to take up this responsibility. And it was also an element that would bring them a business-added value as well.
Just going back to the UN guiding principles on business and human rights, was it fortuitous timing that happened to come around, you know, before the formulation of the association, or was that by design?
I think there were a number of parallel processes happening more or less at the same time in those years, 12, or 13 years ago. So the process that was launched at the UN, led by the special rapporteur on transnational companies, John Ruggie, goes back to those years preceding the ten years of the years 2000, and in parallel you had the Montreux document process was happening in those years. So at some point, they actually converged. In terms of establishing due diligence processes for the provision of private security, it was actually very timely that we had already ingrained in the Code of Conduct the Protect, Respect, and Remedy framework and then the adoption of the UN guiding principles, and that we could really adjust the oversight and governance mechanism to the guiding principles. So the guiding principles were really appropriate and timely. It was really important they were there at that point in time where we were really talking about the smart mix of voluntary and regulatory measures, but with the idea that we wouldn’t wait for more regulation to come up, we would strengthen the voluntary commitments through oversight verification, through the development of indicators. And what was really innovative here was that we had this combination in a pragmatic way, in an inclusive way, and that was really the spirit of the Swiss approach, then maybe we can talk about it later. We introduced some more elements to make it more effective.
And just going back to those companies that, had signed the Code, because when signing the Code, it stipulates that by signing you will then commit to joining the oversight mechanism, which is what ICoCA is. Why do you think? I mean, I think there were around 700 companies that signed in the end and around 100. My understanding also of those who joined. Why do you think there’s such a disparity between the companies that signed up and finally, those that actually committed to joining the association?
Well, you’re right to point at this gap between the companies that signed up and then the companies that really joined. But that’s where we could really verify who were actually serious in their commitment and really knowing what they were doing when they signed up and, yes, fulfilling what they were expected to do. Then we also had the phenomenon of companies that were not necessarily ready to be certified, to be monitored. And we had smaller companies that were maybe not yet up to the standards that were expected and had somehow to abandon. Then you had also the phenomenon of reorganization of the sector companies that were merging. Some were disappearing, some bigger companies were taking over small ones. So reorganization of the market itself. But it’s always easier to simply sign up a paper, even if you know that at some point in time, you will have to do more. And then simply think about it later in the not necessarily meeting what is expected from you. It’s also easier for you to, for a certain period of time, to use the brand because somehow companies were smaller companies who have not necessarily adhered to the association, so a market advantage possibly in using the brand of having signed up to the Code.
And that signatory status was removed from the Code in 2021, correct?
2021? Wasn’t that earlier than 2021.
Perhaps it was earlier. But the Swiss government maintained a registry, I understand of signatory companies, and stopped maintaining that registry, and signatory status was removed.
Yes, but that was back in 2014, 13 or 14?
No. In fact, the reference to signatory companies remained in the Code of Conduct until it was first amended.
In the Code of Conduct itself. Do you mean the reference to the fact that you can be a signatory? Okay. All right. But because until the establishment of ICoCA, we were keeping a registry of the companies that had signed. The companies were sending letters to the Swiss government, and then we had a registry of the letters.
Yeah. And it was a challenge for us in the Secretariat. That Code referenced signatory status, but the registry was no longer maintained and the mechanism was up and running and companies essentially were and still do. Some of them will say, take advantage of their signatory status, even though it’s not recognized by the Swiss government. So, once ICoCA was established, what were some of the key actions to ensure that it operated effectively and became fully operational and functional? And how long did that take?
So it took some time, because when the association was established, so the Charter and the statuses of the associations had been negotiated, but there were no details yet on how the different functions would work. So how monitoring would happen, how certification would happen, and how a grievance process would be put in place? So that was still a subject of negotiation. Negotiations were actually quite intensive and harsh during a certain period of time. So it took a number of years to establish the different mechanisms. So I wouldn’t say that, well, we had this big bang in 2013 and everything was operational, took still some time for these initiatives for the association to really take off and be at a cruising altitude where you could really discuss substance, you could really observe how companies were behaving on the ground. There were different interests. There were also some of the standards that had existed out there, like the “SC-1” and some other standards against which certification would happen. There were discussions around which standards could be recognized in order to be certified. What the process would be? What would be the role of ICoCA? What would be the role of auditors? Should these auditors be accredited, etcetera? And how would the civil society concerns be taken into account? How would the companies access certification in geographies where these auditors were not necessarily present, where the documents were all in English? So there were, there was a lot that needed to be done also in terms of having the broad global worldwide coverage of the Code that was being expected for this to really be an innovative and complete and the really the standard setters of the world in terms of responsible provision of private.
So took a few years before the details of the tree functions were established. There were also some concerns about how would monitoring happen. Would it be on a regular basis? Would monitors of the association be parachuted somewhere on the ground to look at how the companies were behaving? What would be the methodology? Actually, the clients of private security companies accept that you know that some of the companies that hire private security service providers are extractive mining companies. Some of them are members of the voluntary principles on security and human rights and other multi-stakeholder initiatives that Switzerland supports. But that doesn’t have the same level of verification on the ground. These are some of the issues that somehow needed to be taken on board, and discussed thoroughly before all the elements would be adopted and approved. And I’m happy to have been able to participate in the first monitoring missions of the association. There were also, of course, resource constraints in terms of having enough personnel, enough personnel that has the capacity to carry out the monitoring on the ground.
And in terms of the governance and how these decisions are made. Can you just tell us a little bit about how that works? Is it the board of directors? It’s a multi-stakeholder, obviously. So, how does that work?
Something that in 2013 the board of directors composed of four representatives of each pillar was set up. So, four representatives of government, four of companies, four of civil society, we had an ongoing concern of having pillars that were really representative of the broad spectrum of each pillar. So, good geographical distribution in terms of who was representing civil society, the private sector, having more governments on board. But the decisions, yes, they were made by the board of directors. We had decisions, actually, that were not necessarily made, where decisions were proposed by the board of directors to the annual General Assembly of the associations. And that’s where we had discussions, of course, with the three pillars. We also needed to have a good representation of this annual general assemblies from, the three pillars so that we could use your voices not only from the north but also from the south, from different parts of the world. We had initially in the first year some tough discussions during this General Assembly where the board of directors came up with some proposals that were not necessarily accepted easily by the General Assembly, by the members. But, yes, step by step, we managed to overcome discussions of some of the obstacles.
Voluntary mechanisms like this. You know, often people kind of criticize them for corporate capture. But can you tell us a little bit more relating to the governance, maybe what some of the tensions were back in those negotiations? I mean, you’ve given us a big long laundry list there of some of the issues that are at play. But what were some of the things that played out that maybe were contentious between, for example, the civil society pillar and the corporate pillar and governments?
For example, civil society was, of course, expanding a strong monitoring mechanism. So the priority of civil society was really monitoring. The priority of parts of the private security sector was certification, but sometimes certification would maybe favor some sectors, maybe the most powerful companies. So there had to be a balance because there was a process, there was an issue of accessing for some smaller companies from the south of accessing certification and being admitted. So, of course, there were tensions related to the power struggle that had existed in a competitive field like private security. Governments really wanted that to be a strong oversight, that it would also be a strong demand from clients, that companies are responsible, that part of their supply chain in terms of the provision of private security, that the ICoCA would actually adhesion, I mean membership and being certified by ICoCA would be a strong signal that due diligence is happening in this field, especially in fragile contexts, in complex environments. So these were some of the issues that were being discussed.
Were there any kind of positions that the Swiss government particularly took or key actions that the Swiss government took to ensure that responsible security practices were really being kind of be promoted in the final outcome?
Well, Switzerland took a big step when it adopted its own law on the provision of private security services abroad. So, a Swiss law that refers for the first time to a voluntary or so-called voluntary initiative. So maybe we should check the year. But when the law was adopted, there was a reference in the ordinance for the implementation of the law. The companies based in Switzerland that would provide private security services abroad in Complex environments would have to follow the provisions of the International Code of Conduct and adhere to ICoCA, and the same would apply to companies that would provide their services to Swiss representations abroad in complex environments. So until now, Swiss embassies abroad, Swiss cooperation offices abroad, when they hire private security companies for their own security in so-called complex environments, have to check whether these companies are ICoCA members, whether they’ve taken steps to be certified, whether they have taken the steps to become a member. Otherwise, they would not be able to get a contract. And that was a really strong signal. It also showed that Switzerland was really putting its trust and faith in the code of conduct as an international initiative that had not yet fully established its three mechanisms. So something that was really promising that had a very good potential, but that was not yet completely fully established. And that’s a signal that we have given. And we have also engaged with other governments, encouraging them to take steps in a similar direction. So at least making the adhesion to ICoCA a strong indicator for whenever they hire private security companies for their services. So a strong indicator, or even a requirement for the provision of private services for for other governments. So that was a political signal. It was also, yes, a risk that Switzerland took at that point in time. But knowing that we were committed to establish these standards at a global level.
Why on this particular issue, did Switzerland really stick its neck out and take that risk and take such a leading role? And what have the challenges been when we look at other governments? I mean, you’ve referenced the Montreux document and the forum, which I think has maybe 40 or so members now. And I think there was an assumption maybe that those governments would then join the association. But our government memberships have remained at seven. So what do you think the challenges are in getting governments to walk the talk and getting more to step up and and join the association?
Yes. And I have to recognize that in spite of ongoing efforts to bring more governments on board of ICoCA, most of the governments were content with being, continuing to be supportive of the Montreux document and support the spirit of ICoCA, but not necessarily becoming a member of the association. I think one of the elements is related possibly to the commitment that you have to make in terms of personnel and resources to be dedicated really to participate in the governance of the Code. Some governments maybe were not there from the very beginning. If you’re not there from the very beginning of the process, you become reluctant to join at a later point. There are so many competing initiatives, not competing, but the field, I would say, of multi-sector initiatives of commitments that governments have to make to different processes, multilateral processes, initiatives with the business, with other sectors is big and the resources sometimes are quite limited. So governments have to make choices. So now I would say that there may be momentum in terms of upcoming regulation in the area of business and human rights. We are moving towards more mandatory due diligence globally. The EU directive on corporate social responsibility and sustainability is being negotiated right now in Brussels. That’s coming up probably next year after the Parliament, the Commission, and the Council have agreed may provide an opportunity to say, okay, there is now a regulation at the global level, but to be able to be compliant with respect to the provision of private security services, which is a field that still exists and presents human rights risks, ICoCA can play a role and maybe governments, if they engage, if they are committed, if they are on board, they’ll be participating in a process that would facilitate due diligence in compliance with the upcoming legislation. So there is an element here of some more ingredients of some more binding ingredients in the global landscape in terms of business and human rights.
So on that note, do you think there’s a risk that with hard law coming in, these voluntary soft law mechanisms may be kind of put to one side, that people may see the hard law as being a kind of a silver bullet.
Well, they have to innovate. I think what’s necessary is to innovate and to look at the trends and be part of the process without necessarily renouncing to the voluntary nature of a number of initiatives, but really showing also to the governments that it’s not either or, but that the two are complementary. So you can actually adhere to a particular initiative, to a particular certification process while at the same time knowing that you have to comply with a certain regulation. But in order to perform due diligence, maybe being a member or supporting certain initiatives, might facilitate your following, actually what’s being expected in terms of performing human rights due diligence. So, performing human rights due diligence of your supply chain may imply different elements preventing. Forced labor in your supply chain or child labor. But private security could be an element. With respect to your contractors and the different tiers of your supply chain, having private security in the supply chain being actually certified through ICoCA being possibly facilitated actually aligns with upcoming regulations. So it’s not the fact that there is more hard law that doesn’t exclude the role of multi-stakeholder initiatives or voluntary initiatives if they are smart, as we said at the beginning if they are aligned with the UN guiding principles on business human rights.
So Rémy, we were very pleased to have you back this week chairing the board temporarily. Your successor, Fred Chaney, was on a mission to DRC, and so you very kindly stepped in and came to Geneva and chaired our latest meeting. Just wondering, on your reflections, four years since you’ve left, how you feel the association has changed?
Well, I was really impressed. It was really a timely, I would say, opportunity for this interview to refresh my memory about ICoCA since I moved on to some other elements related to business and human rights, some other aspects. But I was really impressed by the fact that we were discussing substance that were really presentation of very concrete ones, of the current challenges and trends of the sector, of what actually the Code of Conduct is currently accomplishing. And, here I could say, as opposite to what I said before, that we were really in the process of, we are now at a somehow at this cruising altitude where really the association has taken off. It’s delivering on its mandate, it’s doing monitoring, it’s certifying companies, it’s looking at the sector worldwide, looking at how to bring more companies on board and what are the new trends also in terms of elements that were not present 10, 12 years ago, like, for example, new technologies. The fact that companies in the sector are also now providing cyber security services, for example. So I really had the feeling also in terms of communication, dissemination, that things are really moving on. It’s that rich discussion. We are not anymore in this negotiation phase and mood that I went through when I was chairing the board until 2019, there were still a few things that had to be negotiated. So most of the board discussions, and meetings were really dedicated to these negotiations and a little bit less about reporting on monitoring missions, dissemination, information platforms, etcetera.
And I guess there are different challenges ahead now, but kind of looking forward now that we have this cruising altitude, as you put it, what do you see as being kind of key on the horizon over the next ten years with the sector? And how do you think organizations like ICoCA are positioned to help address these?
Well, I can say, I just mentioned the new technologies. We are now in a world where that’s fully connected and where the border between online and offline becomes more and more blurred. So new technologies are everywhere. And it’s also a complex world. It’s also a complex environment. And companies have, of course, followed the trend. And there, there are regulations coming up in terms of artificial intelligence, in terms of cybersecurity, in terms of integrating human rights into the digital world. And here I think that there is a challenge for the Code to take up these elements and see how it can possibly integrate these elements. Having a mapping of the sector, having a mapping of how the sector is using these new technologies how these new technologies may infringe on the rights of the affected, and how remedy can be accessed on these elements. So I think one of the challenges would be also to work with companies in the sector. Everybody is using technology, but there are also those who actually develop these technologies who may be doing it in a responsible way or less. And I think there, there are discussions that certainly ICoCA has to have. Other challenges are related to what’s happening right now in terms of warfare. We have all these mercenary groups like Wagner, etc, where actually breaking the boundaries of whatever is admissible. Of course, it would never be able to join a code of conduct. That’s not what they are doing. They are on the offensive. They’re using force. They’re replacing the monopoly of the force of some governments. But this represents a challenge in terms of the positioning of the sector, also how what means is providing responsible security versus what’s happening in the era of mercenaries. I’m sorry. You can certainly add to it in a more articulate way.
The mercenary issue clearly is a major challenge that we are grappling with right now. And no doubt there are going to be many others. But look, I just want to say a big thank you. For all your service and helping to navigate those initial rough waters to get the association up and running. And it’s exciting to see it now at cruising altitude and with the challenges ahead.
So listen, Rémy, thank you so much for your time. It’s been fantastic talking to you. We look forward to staying in touch and benefiting from your experience and wisdom in the years ahead.
Yeah, thank you. I look forward to being in touch again. We certainly have more things to discuss. Thank you.
The views and opinions presented in this article belong solely to the author(s) and do not necessarily represent the stance of the International Code of Conduct Association (ICoCA).
