Daily Archives: 02/10/2009

SMT Online Editor’s View: Securing better regulation

According to the Better Regulation Executive’s latest report, the Security Industry Authority “is prioritising its use of better regulation principles, and has made real progress on improving its performance”. Is that so? Brian Sims looks far beyond the Executive Summary.

Amid little fanfare, a Government document courtesy of the Better Regulation Executive and the National Audit Office – and enticingly entitled ‘The Security Industry Authority: A Hampton Implementation Review Report’ – was published on 22 September.

Before delving into its myriad findings, permit me to set the scene a little.

Sir Philip Hamptons seminal report – ‘Reducing Administrative Burdens: Effective Inspection and Enforcement’ – saw the light of day back in 2005. From that point in time, it became one of the present Government’s cornerstones of the much-championed better regulation agenda.

The basic principles of effective inspection and enforcement set out in that tome – which, necessarily and correctly, places risk assessment at the very heart of regulatory activity – are designed to encourage a modern regulatory system which “properly balances protection and prosperity”.

In line with Hampton’s musings, the Government has – and not unreasonably – established an expectation that all regulators will embed these principles in their approach to regulation.

Developing an external review procedure

To check whether or not these expectations are being met, back in 2006 the Chancellor (at the time none other than Gordon Brown) invited the Better Regulation Executive (currently presided over by chief executive Philip Rycroft, and which sits inside the Department for Business, Innovation and Skills) and the National Audit Office to develop an external review process suitable for assessing how much progress various regulators are making in terms of implementing Hampton’s principles.

‘Hampton Implementation Reports’ covering the work of five major regulators (31 will eventually come under the microscope) were duly published in March last year. The review process is ongoing and, interestingly for all of us in the security sector, the ‘inspectors’ have now focused their attentions on the Gangmasters Licensing Authority – a previous employer of Mike Wilson, of course – and the Security Industry Authority (SIA).

This latest review of the SIA’s work to date was conducted in January, during Bernard Herdans highly successful tenure as interim chief executive following Wilson’s swift departure. Strange that it took eight months to write up the subsequent report that’s a mere 44 pages in duration, but I digress.

Members of the review team were drawn from the Better Regulation Executive, from wider Government, the Charity Commission and the Trading Standards Institute (among others).

Apparently, the reviewers “talked to a wide range of Stakeholders, to staff at all levels within the SIA’s organisation, conducted visits to business sites and analysed data and papers”. The report before me “reflects the judgement of the review team on the basis of the evidence put before it”.

During their deliberations, members of that team – namely Rosie Chapman (from the Charity Commission), Mark Halliday (of the National Audit Office), Paul Ramsden (Trading Standards Institute) and Rena Lalgie (Department for Business, Innovation and Skills) – were also bearing in mind Professor Richard Macrorys 2006 review of penalties for failure to comply with regulatory obligations. In ‘Regulatory Justice: Making Sanctions Effective’, Macrory suggested that regulators ought to focus on outcomes rather than action.

If you recall, he also recommended that sanctions should be aimed at changing the behaviour of non-compliant businesses and eliminating any financial gain to be had from non-compliance.

Top line findings of the BRE report

What, then, were the major findings? Specifically, they are that:

• the SIA does indeed place a high priority on implementing the Hampton and Macrory principles

• the SIA’s Approved Contractor Scheme (ACS) has helped in raising standards in the industry, while at the same time avoiding some of the possible associated burdens

• there are a number of additional benefits arising from work with the ACS, including the “better exchange of Best Practice within the industry”

• “good evidence” has been found to suggest that some of the issues around licensing services which have affected the regulator in the early stages of its work are now being resolved

• while Stakeholders believe that communications between the SIA and the industry had been “problematic”, the consensus view is that this situation is now improving – the SIA “is beginning to engage constructively and proactively with business”

• there’s a strong perception among Stakeholders that, while criminality in the sector has not been eliminated, it has been reduced directly as a result of the SIA’s efforts

Let’s look at some of these points and assess just how much water they hold.

Both the Hampton and Macrory reports are concerned with effective regulation. In short, achieving regulatory outcomes that minimise the burdens imposed on business. Absolutely key to all this is the idea that regulators ought to be risk-based and proportionate in their decision-making, and at the same time transparent and accountable for their actions.

Unlike so many of the regulators covered by Sir Philip Hampton’s original report, the SIA boasts a clear framework within which compliant businesses can attain what’s euphemistically termed ‘earned autonomy’.

On this point, the review team found that risk is “effectively used in the operational aspects of the Authority’s work: additional data requests and inspections are used only in cases of known or suspected non-compliance, while key risk factors – including intelligence which suggests probable links to organised crime – are taken into account when planning the work of the inspection and compliance teams.”

The SIA, of course, has a Strategic Assessment document in place listing the risks confronting the Authority, and accounting for their likely impact on regulatory outcomes. Interestingly, though, the Better Regulation Executive report comments: “The SIA’s compliance and enforcement operations are intelligence-led, but we found that intelligence was not put to such good use at a higher level of decision-making – where the links between intelligence, risk and strategic planning were less in evidence.”

Is that not a little worrying? I would say that it most certainly is. We live and work in an age where the phrase ‘joined-up thinking’ is now everyday parlance. One would expect the regulator to exhibit such traits at all times and at all levels.

Comparable but not identical objectives

It’s fair to say that much of the SIA’s work is conducted at arm’s length. For example, it contracts out its licensing and related functions such as the Call Centre (at present to Liverpool Direct Limited), independent assessing bodies are used to verify conformance with the ACS and so on. Its partners have comparable but not necessarily identical objectives.

I would strongly agree with the review team’s assessment that, in these circumstances, the regulator must provide support where its partners are better placed to act, and focus its attentions fully and squarely on gaps in the system which would otherwise be neglected.

Intelligence is most certainly a key part of determining levels of risk. Naturally, the SIA has a number of key partners. When it comes to enforcement action, the police and local authority inspectors are the most notable among them. The police services surveyed feel that intelligence sharing has taken place effectively and at an appropriate level. Local authority representatives were not so gushing.

I must say that last point has never come across in the enforcement-related SIA statements we receive at SMT Online and info4security

Speaking of those press statements… The review team considered the balance of the SIA’s enforcement work across the security industry. There was a feeling that more clarity could be built-in to the way in which the regulator’s work as a whole is prioritised according to the risks facing the licensing system.

Over the past six months and more, the regulator has extensively publicised its work in city centres and, more specifically, within the night-time economy. These commendable efforts are routinely described to raise the profile of this work with partners and, in part, to encourage others towards compliance.

That’s fine, but there are inherent dangers with such an approach. From my point of view, I think there are too many statements being issued, and too many of them saying virtually the same thing. If the regulator isn’t careful, people will just become blasé towards what’s being done and turn a blind eye. You can only read the same words so many times before the shutters come down.

As I’ve said before in a previous SMT Online Editors View, it’s time we had some more flesh on the bones. Why was a certain area targeted? What are the specific problems and/or issues in that town or city? What did the inspectors actually do on the visit? Where are the quotes from those inspected and found wanting?

It’s simply no longer enough just to tell us that Town A was visited, this is what was discovered and here’s a bland sentence or three from the SIA head of inspection.

According to the Better Regulation Executive report, the review team members found that, unprompted, many of the businesses questioned last winter suggested that some of the work involved was “a waste of enforcement resource”. I would again agree with that team when it suggests the SIA needs to communicate its basic enforcement strategy more clearly if full confidence among partner organisations is to be ensured.

More needs to be said by the regulator about the way in which the sanctions available to it – including intermediate and informal steps that fall just shy of prosecution – will be used. Also, more needs to be said about the factors the SIA will take into account when it chooses to conduct enforcement action.

Transparency and accountability

It’s well documented that the regulator has experienced difficulties in engaging with certain elements of the industry in its first few years ‘in office’.

In terms of the clients and buyers, it was worrying to discover last May at the SIAs Annual Stakeholder Conference in Manchester that Dan Hooton – group head of security at the Prudential – had not received a single Corporate Update, nor any words of wisdom from 90 High Holborn in the last three years or so.

Perhaps he’s not alone, and there is culpability on the SIA’s part here if that’s the case. However, it’s not the job of the regulator to spoon-feed information every minute of the working day and week. There has to be some expectation that dialogue and interest is a two-way process. Unless they’ve been stuck in a bunker in Outer Mongolia for some considerable length of time due to an unfortunate set of unforeseen circumstances, clients ought to be making the effort themselves to engage with the SIA. Like I said, it’s a two-way street.

The good news is that the Stakeholder Network Meetings are really starting to take off. I’m speaking at two of them in the near future, one concentrating on the SIA’s Small Business Network (which takes place in central London on 9 October) and the other in Nottingham on 17 November, this time focusing on the Door Supervision Network and the aforementioned night-time economy. The agenda for both gatherings is really first class, and all about audience engagement. These free-standing networks are demonstrably good news.

One of the most prominent points put to the reviewers by Stakeholders was that they felt dissatisfied with the feedback received in relation to information they’d submitted about suspected cases of non-compliance (there’s a rich irony in there somewhere, given what has happened on the in-house issue). In some cases, ‘whistleblowers’ are no longer prepared to summon breath and tell all about further miscreants due to this lack of feedback.

The SIA simply must address why certain members of its customer base are dissatisfied with the current approach. More must be done to make the exchange of information and comment satisfactory to all.

The Approved Contractor Scheme: what’s the deal?

It’s fair to say that the ACS is very much at the core of the SIA’s work aimed at promoting higher standards in the industry.

Accreditation decisions are made by the regulator, but detailed assessments of companies are conducted at arm’s length by assessing bodies including the National Security Inspectorate. At the time of the review, the number of registered companies was 537. We’re now up to 630-odd. In my opinion that’s far too many.

As stated at the outset, the Better Regulation Executive report suggests that the ACS has assisted in raising service standards across the industry. However, many of the business leaders questioned state that the regulator could be doing more to promote higher and better standards.

Options suggested by Stakeholders were that access to the ACS could be set at a higher level, perhaps a graduated approach might be adopted (with access to higher levels of accreditation for those companies with higher standards) or that the numerical scores currently part of the assessment process could be used more openly as a means of differentiation.

The SIA recently published the results of its differentiation study in relation to the ACS, so now we all know the options being considered.

Something has always nagged at me about the assessment scores option. It’s bad enough that guarding companies have to prostitute themselves and everything they do to straight-laced procurement managers who know very little about the discipline of security. If they’re forced into flaunting their assessment scores as well then I cannot help but feel that’s a pretty hefty stick with which the client can beat them severely at the tender meeting (even if they are in the same quartile as their competitors).

Weren’t we trying to create a select club?

The SIA target of 700 Approved Contractors on the books by next March looks like it will be achieved well ahead of time, but is that a good thing? How is this now any kind of select club when so many companies have apparently passed the test?

It’s not good enough for the regulator to say that, when the counter registers another company, that’s another security contractor that’s met the grade.

The bar to entry had to be set at a low enough level, but it’s looking increasingly likely that the level is too low (“insufficiently challenging” is the phrase used in the Better Regulation Executive missive).

Once implemented, will the decision taken on the differentiation studies actually make a difference at some point? I certainly hope so, because many practitioners in the industry are wanting to know when those elements promised – including preference at tender stage and the guarantee of work over and above non-registered companies – are going to come to fruition in return for the (pretty hefty) fee.

Of course, those two areas I’ve mentioned are more the preserve of the client than the regulator. If the client isn’t enlightened then standards will not be raised, but then why should clients in the private sector fall into line with their cousins in the public space when local authorities don’t have to specify ACS-registered companies in their own tender documents?

Forget all the Home Office waffle about not wanting – nor being allowed to – create a ‘monopolistic’ playing field. The Government must practise what it preaches here, particularly so when you consider that local authorities have the biggest budgets and the largest security procurement requirement year-on-year.

The Better Regulation Executive report tells us more than once that the SIA isn’t quite the same as most regulators. That being so, Councils dealing directly with both the regulator and its myriad Approved Contractors ought to be granted some political licence when it comes to security tendering.

The ACS from the Hampton perspective

From a Hampton point of view, there are (apparently) risks involved in making ACS standards any higher. This “might impose additional burdens”. Most notably for Gordon Brown, one suspects. If there were to be a lower number of Approved Contractors there’d be less in the way of fees to help prop up an already cash-bereft Treasury.

The review team believes that “an alternative approach might be to work with the industry on promoting higher independent standards if this suits their needs”. I hear on the grapevine that wheels may already be in motion there. Watch this space…

Many Stakeholders questioned were at pains to emphasise the SIA’s work has been important given the perceived failings of self-regulation by the industry prior to regulation being enforced.

Now, though, we are at a stage where we must ask the questions: ‘Have standards been raised’? and: ‘Is the industry changing for the better?’ The answer to both is: ‘Yes… but only to an extent’. There’s a base on which to build, but we need to be aiming much, much higher than is the case at present.

If the industry is honest with itself, contracts are still being won in unseemly price wars that decimate margins. Some officers are still on National Minimum Wage. Training is still being slashed where budgets don’t allow for it. Unbelievably, there are clients out there who know little or nothing about regulation, what it stands for and why it’s so important. Not good enough.

The Better Regulation Executive report talks of “scepticism” surrounding “the value of the training aspects of the licensing regime”. The SIA licence demonstrates that a person has been vetted and checked, achieved base level qualifications and has attained a degree of knowledge. It suggests nothing about actual competency in the security role. Plainly, this fact is not clearly understood by far too many security solutions buyers.

To its credit, the regulator is developing a more modular approach to the licence-relevant training which must be undertaken, but this work has to be underpinned by dialogue with the industry and buyers such that it can formalise the difference between the basic licensing standard and the additional demands of other external standards.

The Better Regulation Executive report states: “We found that there is still no clear consensus as to the way in which responsibilities should be shared between the industry, the SIA and other bodies such as Skills for Security.”

Integrity and effectiveness of the regulatory system

According to the review team: “Confidence within the security industry in the integrity and effectiveness of the regulatory system remains a salient issue”. Indeed it does.

There’s no doubt the SIA has conducted some very important work in trying to establish its credibility. There have been high profile Court cases involving some larger security companies. Companies that the SIA felt had seemingly shown a deliberate disregard for the regulatory laws.

However, there are still areas of concern. For example, there’s a widespread belief that training fraud is rife. Whether that’s true or not is open to debate, but the evidence provided by Panorama alone was quite compelling. The case shown in that episode cannot be an isolated incidence. This is undoubtedly “a hurdle to complete confidence” in the SIA’s work.

Again, I would say it’s largely down to the training community itself to weed out and ‘whistleblow’ on those companies who are less than discerning in how they conduct their business.

The full implementation of Sir Philip Hampton’s recommendations is a journey that could well take several years. The SIA is making marked progress. The regulatory agenda is being moved forward, but there are fundamental areas for improvement that cannot be ignored.

How the SIA conducts itself and its regulatory duties matters. It’s also the case that clients need to be told the facts of life when it comes to procurement while, irrespective of the economic backdrop, guarding companies have to walk away – and be seen to walk away – from any potential contract where those realities are not part of the equation.

Plenty of notables have suggested to me that regulation is the ‘Last Chance Saloon’ for the guarding industry, not to mention the wider security sector. They believe that if the Government’s programme of legislation and enforcement disseminated via the SIA doesn’t work then all of us might as well pack our bags, turn the lights off and close the door.

Speaking as someone who has done nothing but demand – and attempt to facilitate – the highest possible standards of probity and contract execution in this sector for the past decade, I must admit there have been times when my skull has been throbbing thanks to vigorous contact with that brick wall.

However, there’s an old saying that suggests: ‘Fortune favours the brave’. Let it be known that I intend to be brave for as long as it takes to change the status quo for the betterment of all.

Until next time…


Leave a comment

Filed under SMT Online Editor's View