Skip to main content

S1E1 – Podcast host Chris Galvin is joined by Jamie Williamson, Executive Director of the International Code of Conduct Association (ICoCA), whom shares his perspectives on the future of responsible private security provision. Recounting the history of the formation of the Association and how the security industry has evolved, Jamie lays out some key emerging issues. These include the role of technology, urbanisation, climate change, and Covid-19. All these trends are impacting the provision of responsible private security. So how are responsible private security service providers adapting to this new world, and how can respect for human rights and humanitarian law be assured in the future?


This podcast was originally published June 5, 2020

I’m joined today by Jamie Williamson, Executive Director of ICoCA. So Jamie, could you tell us first about the Code of Conduct Association and the context in which its working. Its mission is to raise private security industry standards and practices that respect human rights and international humanitarian law. Can you tell us what changed, what was the demand or need that led to ICoCA? How has the security industry changed in the intervening period, how might it change in future and what implications does this have for the Association and its mandate?

Thank you very much for that question and thank you very much for organizing this podcast with regard to the International Code of Conduct Association, its work and the evolution of the security industry and future security trends. I think the way to start answering the many questions and the first question would be to look at where the Association came from in terms of the era during which security contracts and military contracting gained prevalence and publicity. We need to cast our mind back to the second Gulf War, 2003 to 2011, and the rise then of a so-called privatization of warfare, a greater increase in the conflict landscape of military contractors as well as security companies. During that particular period, we saw a number of human rights abuses and humanitarian law violations allegedly being committed by a number of security companies. And we also saw a number of security contractors being put at the forefront of hostilities in high risk environments. Out of that, the Swiss government in particular and the International Committee of the Red Cross pushed for the development of a process which would strengthen the oversight and regulation of private security companies, which would remind countries of their pre-existing obligations under international law, recognizing that whilst security contractors and military contractors were not specifically named and let’s say, listed under international law instruments, they nonetheless had certain protections and obligations under those relevant instruments.

So in 2008, the ICRC and the Swiss government, with a number of states, including the US and the UK, developed and issued the so-called Montreux document, which is named after the town of Montreux in Switzerland and is effectively a restatement of pre-existing international law obligations for states and how they apply to private military companies and security companies. Out of that process and in parallel, the development of the UN guiding principles on business and human rights, we saw a recognition that it was important not only to address the obligations and responsibilities of states, but we also need to speak to the industry specifically. It was ultimately the security companies themselves, the contractors, the stakeholders, and supply chain that had responsibilities themselves to apply certain international standards. So, in 2010, an international code of conduct for private security providers was developed. Again, it was a multi-stakeholder process involving civil society organizations, governments, the security industry and clients, and the Code of Conduct, which incorporates a number of general and specific comments looking at human rights obligations, humanitarian law obligations, and some labor law obligations as well, as well as responsibilities for security companies.

And through that code of conduct, a recognition also that to give effect to those obligations, to those commitments under the International Code of Conduct, one had to establish a governance structure. Hence, the creation of the International Code of Conduct Association in 2013. Likewise, multi-stakeholder, involving governments, civil society organisations and security companies, and effectively an organisation which works with its members to give effect to the obligations under the International Code of Conduct.

In terms of the evolution aspect that you mentioned in your opening question. What we’re looking at today is a landscape which is fundamentally different from the issues that we were looking at during the second Gulf War. And we’re seeing a landscape which is much more internationalized in terms of security providers operating in so-called complex and high-risk environments, which is the focus of the Association’s work. So, we are no longer looking simply at 2 or 3 countries in the middle of an armed conflict situation. But we have dozens of potential countries where there may be a lack of good governance, security vacuums, etcetera, and where we see security companies, operating members or non-members of the Association, which give rise to potential problems on the International Code of Conduct.

Some people might look at ICoCA and characterize it as a voluntary, industry driven initiative that suffers from all the weaknesses that come with industry self-regulation. Is this a fair characterization, and if not, why not? What does history tell us about raising standards in the corporate sector, how can we be assured that ICoCA is well positioned to do this now and in the future?

Thank you, I think it’s a valid question and I daresay it’s a valid criticism quite often of many initiatives which involve the industry and the actors that are meant to apply different obligations. Naturally, of course, the Association and membership of the association is a voluntary process, but it’s by no means a self-regulation kind of mechanism. Instead, in the same way as the development of the International Code of Conduct was a multi-stakeholder initiative. The Association itself is a multi-stakeholder mechanism which brings to the table all of the key stakeholders in ensuring that security standards and internationally recognised standards are being met.

Let me unpack that a little bit. When we’re applying the International Code of Conduct to security providers, they as security providers have the commitment and the obligations to meet the terms and the principles contained within the International Code of Conduct. By having governments at the table as well. The governments bring their authority and responsibility as the regulators, as the national mechanisms for ensuring judicial accountability to the process as well, and a level of oversight with regard to how the security companies are respecting human rights and humanitarian law. And then you have the civil society organizations at the table, too, who can offer an effective advocacy potential denunciation, but also capacity building and monitoring role in many countries where security providers, in particular the Association of Member Security Providers, are operating at the table.

So together they try to, as stakeholders, form a fairly integrated system in terms of evaluation, working on complaints, raising standards, dealing with capacity building and so on. One of the, I think, key elements that we need to look at as well is access to an effective grievance mechanism and remedies. So the Association also offers a complaints mechanism whereby individuals who fail in one way or another aggrieved as a result of actions by a private security company, or if members of a private security company, their guards or personnel are affected by management processes or any issues within the practices of that particular company can submit a complaint if it’s related to the International Code of Conduct, and that complaint then will be dealt with with the members, but also with the national authorities on a confidential basis to ensure that there’s an effective remedy given as part of this process. But ultimately the Code and the Association has strength. But a lot depends on all of the stakeholders coming to the table and acting accordingly.

Can you tell us more about the role clients as consumers of security services play? Who have clients traditionally been in the past and how is this changing? Why should clients now and in the future be interested in ICoCA? Why aren’t clients formally represented in the Association, what challenges does this present and is this likely to change in the future?

Ultimately, we can have civil society organizations and governments and others driving the process and security companies committed to fulfilling their obligations. But provision of security services is very much a commercial reality. It’s a business. And so, clients have a fundamental role to play with regard to the oversight and the mitigation of risks in the use of security companies. Clients, traditionally, if we go back to the second Gulf War, would be, for the most part, governmental agencies, diplomatic missions and the likes. There was a reluctance, a decade back on the part of other organizations, including humanitarian organizations and the United Nations, to rely on the services of security providers. But since approximately 2012 or thereabouts, we’ve clearly seen an evolution both in conflict areas as well as complex environments in the range of clients that are using security companies. It’s no longer a situation limited to government clients. We are seeing corporate entities, businesses, the United Nations, humanitarian actors, NGOs and the likes, all relying on the services of security providers in high risk or complex environments in different parts of the world.

Without clients demanding more of the security providers in terms of due diligence, demonstrating respect for the International Code of Conduct doing human rights impact assessments, dealing with issues of sexual exploitation and abuse, for instance. And without that drive by clients, there will be, I think, a lag in terms of security companies aiming to raise their standards and apply the International Code of Conduct.

Why were clients not part of the process initially? That is a fair question. I think one would have to go back to the records in the development of the International Code of Conduct and the procedures. Clients can and do play an important role already with the Association as observers of the association as key stakeholders in that regard. But I think realistically, to give more weight to client buy in and recognition that clients have for the International Code of Conduct and responsibility of security providers, I dare say introducing a more formal role for clients within the association is something that has to be contemplated going forward.

And can you tell us a little bit about how the association kind of does engage with clients at the moment?

It’s a positive, constructive dialogue, which I dare say needs further opening and expansion with clients. As I mentioned a few seconds ago, the range of clients that we are dealing with go from governments and corporate entities all the way through to humanitarian agencies and NGOs, and there are dozens, if not hundreds of different individual clients in these complex environments. So, we tend to do quite a lot of outreach and bilateral communication and engage with specific clients, transnational corporations, for instance, the United Nations, NGOs and governments to have them understand one, what the International Code of Conduct Association offers in terms of its value proposition. And I think secondly, the content of the International Code of Conduct. What do the principles stand for? Why are they so important? And then to have a more technical discussion with the clients with regard to their own due diligence? In other words, having them understand that by integrating references to the International Code of Conduct, to the International Code of Conduct Association as part of their procurement processes, will be beneficial to their own due diligence to help them manage their own risks within their supply chain, but also ensure that they’re fulfilling their duty of care to their employees who will be the ones ultimately protected by security companies. So, it’s the technical beyond simply the principles in terms of dialogue that we have to have with clients, we are seeing more traction with clients. I think we have to recognize that the association is still relatively young in terms of its operational footprint, but this growing awareness and this growing buying by clients is clear that there’s still much work to be done.

I would like to turn to a current day situation, particularly looking at Covid-19. I’d be interested to hear about what the impacts of Covid-19 have been for ICoCA and its corporate members particularly. Private security has been deemed an essential service in many countries around the world. So, does this mean that security guards are really on the front lines of the crisis? And what has this meant for their employers? Do they have a duty of safeguard for their staff, for example? And does the Code have anything to say about that?

The Covid-19 pandemic has naturally affected security companies as it has affected many other individuals and businesses in complex environments. The range of challenges, and I think the responses of security providers, especially the members that we have seen has being quite remarkable. I think the first point I’d make for this question is in a number of contexts, private security companies have effectively been put on the frontline, both as responders or as essential workers, or simply by being security guards themselves having to take care of facilities, being guards at hospitals, being guards outside shops which have been closed down and so on. And the question that has come up in many of these environments is how do the companies themselves protect the security guards, the security personnel from the potential contamination of Covid-19? If you’re going to put security guards and security personnel on the frontline, have the companies truly thought about the PPE, about their protections, about the rotations of the guards, about quarantine issues, about mobility and so on? And we have had a fairly positive dialogue with a number of companies who’ve come up with a number of best practices to address this. The Code doesn’t speak specifically about Covid-19 type situation or pandemic. However, the Code does require its member companies to put in place a certain level of measures through general commitments. They have responsibilities for the safety and the and the health of the employees through a safe and healthy working environment. They have to put in place potential grievance procedures. But I think in particular, questions of meeting liability insurance if a company, through its operations and contracts are exposing their security guards to Covid-19 and if their guards are coming down with Covid-19 and it affects their families or there’s a loss of life, do the companies have in place a necessary insurance coverage to deal with those situations? And training companies have responsibilities to train their guards, to train their staff and their management. How do companies then adapt that training to deal with a pandemic? So, we do have that duty of care integrated into the Code of Conduct, and it has been reflected in terms of actions by security providers in different contexts.

But then on the practical level, we’re also seeing how Covid-19 is affecting the operations of private security providers. To give you an example, if you’re a security company that has both international staff as well as national staff, and there have been country wide lockdowns and no international travel. How do you put in place and maintain a rotation of the international staff? How do you ensure their own well-being, psychological or physical, if they’re going to stay on post as such for more than the normal so-called tour of duty beyond the six weeks or nine weeks which could go into 3 or 4 months? How do you ensure that the guards that are the local guards are themselves in a safe environment if they have to go home on a daily basis and then come back to the concession that they’re guarding? How do we ensure that they are not exposed, that they can keep their social distance from their families and from employees and from clients and so on? And then, of course, there’s the overall sort of generic impact if security is a security service based on mobile security services, but there are curfews, there’s no mobility anymore, there’s no international transport. And then we’ve seen a whole segment of the industry which is going to suffer directly as a result of Covid-19.

And are you hearing about that from members? Is that a segment of the industry that is being affected at the moment?

Definitely. I think this is in particular the case for those security companies with an international client base and in particular in the kind of high-risk conflict environments. We have heard from security providers, member companies, that effectively one of the first things that they had to do when Covid-19 started in their particular context and when lockdowns started taking effect, the first task that they had was to evacuate their clients, the international clients. And for many of these security providers, they evacuated up to 90% of their international clients. So, with all the international clients gone and no international clients anymore or very few in country, the question of providing mobile security services potentially becomes redundant because there’s no movement anymore. In many of these contexts, there may be limited levels of movement in certain environments, but overall that market dwindled quite dramatically.

So, then the second question comes from that, which is, okay, if we can’t provide mobile security services, what does one offer as the alternative? If one can’t provide on top of that static security services because there may be a high percentage of guards who are, let’s say, coming down with Covid-19 or curfews may have been put in place or the security companies have not been deemed essential services, and the guards themselves cannot move from their home environment to their work environment. Then the security company needs to figure out how to provide security in that context. So, then the question of technology kicks in as well, and what kind of technology can replace static guarding and manpower as such.

Pandemics are clearly one type of event that can have profound consequence on all facets of life, including the provision of responsible security, but what other types of events and what trends are you concerned about that may have an impact on security, human rights and the provision of responsible private security?

Maybe I’ll break that down to two kind of timeframes. I think the first evolution that we are looking at. Would be in direct relation to the Covid-19 pandemic, because the consequences of Covid-19 will be felt beyond the next few months, will certainly go into the next 2 or 3 years. And we are already seeing in a number of contexts insecurity rising as a result of the Covid-19 pandemic and the measures taken by governments to clamp down, to create lockdowns and to use in some situations the pandemic as an excuse to push through certain policies or to run the country in a way that they deem fit, which may not be reflective of good governance. So, there’s a potential in a number of these contexts in complex environments affected by Covid-19 to see a weakening of good governance structures, to see an increase in a lack of transparency as such in terms of what the security environment looks like and how security is carried out in those contexts. In addition to that, we may see a question of security vacuums being created as a result of Covid-19, and the question there would be what is the role of security companies in those environments? And then how do you monitor the actions of the security companies if international travel has been curtailed, if curfews still exist or if lockdowns have been maintained beyond the next few months? I think that’s sort of one set of issues to look at in the immediate foreseeable future.

But then building a more sort of future security trends kind of dynamics. Last year, the Association working with some of its members and a few experts, started looking at future security trends. What could be some of the issues which would affect security going forward? What could be some of the new threats and the operating environments that we need to be aware of, which will have an impact on what security services will look like in 10, 15, 20 years from now.

And some of those highlighted by the Association and the experts, included such trends as urbanization with megacities, 20 million plus individuals. What does security look like in those highly urbanized environments? If you add to that environments with major slums and a pandemic type situation, security will be tested in terms of how it’s delivered. And the question is how can it be delivered? What will be the resources available to security companies in that regard? The second issue, which was considered was the impact of technology. And I think the pandemic has simply accentuated the fact that technology will play an ever-growing role in terms of how security is provided and how services are maintained in even the sort of the more extreme environments when there’s a pandemic. And then with that, the safeguards, the human rights safeguards in terms of use technology, data protection, for instance, keeps coming up as a major issue. And then potentially the last area that was sort of touched upon is climate change. What will be the impact of climate change on the security of environments and then on the nature of private security companies and the services that they offer. Bring those three together urbanization, technology, and climate change and add now this fourth dimension of pandemics. You can see that going forward there will be a range of testing issues and I think complex situations that we need to work on to ensure that at no time are security standards compromised and that human rights and humanitarian law are being respected in even the more extreme situations.


The views and opinions presented in this article belong solely to the author(s) and do not necessarily represent the stance of the International Code of Conduct Association (ICoCA).