SIA enforcement: now and in the future

29 Aug 11

With licensing now well established in England and Wales, Scotland and Northern Ireland, the private security industry licensing regime is consistent throughout the United Kingdom.

There are more than 360,000 Security Industry Authority licences held across all sectors, and our regular checks confirm that there are high levels of compliance, typically revealing that more than 95% of operatives are properly licensed.

The Regulator’s Approved Contractor Scheme has celebrated five years of successful operation, with more than 700 members employing 130,000 licensed operatives.

Underpinning this success is the long-term improvement achieved by those Approved Contractors and increased assessment scores year-on-year since the launch of the ACS in 2006.

Success has been a team effort, involving numerous partner agencies, such as the police and HM Revenue & Customs, other stakeholders (including training bodies and local authorities) and, notably, the private security industry itself.

Compliance is not something that we have ‘done’ to the industry. Rather, it has been very much about working together and, through close collaboration with the industry, enabling regulation to mature.

Together, we have been successful at preventing unsuitable people from gaining licences and making sure licence holders have a standard level of competence.

More than 745,000 security qualifications are held, and to date the Security Industry Authority has revoked more than 22,000 licences and refused close to 25,000 licence applications.

Our intelligence has shown that nearly 1,500 of these people posed a clear, serious and imminent threat to the public.

Close working relationships with police forces, local authorities, training providers, trade associations, industry representatives and other Government agencies are vitally important to ensure that individuals and companies operating within the private security industry comply with the law.

Enforcement operations are an important part of this work and checks may be led by us or by our enforcement partners. In either case, they will fall into one of three basic categories:

• intelligence-led operations conducted as a result of information that has been supplied to us
• information gathering operations which provide valuable data that we can use to target our resources effectively
• random compliance checks allowing us to test the assumptions on which our compliance strategy is based

Compliance work conducted to date

Although compliance levels are high, there will always be a minority of individuals or companies who decide to risk breaking the law.

Within the Private Security Industry Act 2001 there are several different criminal offences. These include engaging in designated security activity without a licence (committed by the individual operative), deploying unlicensed operatives (committed by the business and its decision makers), contravening licence conditions, falsely claiming to be an SIA Approved Contractor, obstruction of entry or inspection and making false statements.

Of course, it would not be right for every detected breach to end in prosecution. That would be extremely expensive and the number of cases that we could manage would be limited.

Our experience shows that informal actions and discussion can be highly productive in achieving compliance, so our usual stance is to try this approach first, turning to formal actions in cases of persistent or serious non-compliance.

Some of the options available to us are to: engage in informal conversations and advice, issue written warnings to individuals such as operatives, managers and directors, issue improvement notices aimed at businesses to secure a course of action to cease offending, suspend or revoke licences or, where appropriate, instigate a criminal prosecution which can lead to a fine or prison sentence.

Unsurprisingly, and in accordance with good practice, most of our interventions are at the lower end of this scale and we or our partners have issued hundreds of written warnings and improvement notices.

However, we do take further action where appropriate and we have launched and succeeded in many prosecutions.

At the start of 2010, the Security Industry Authority won the long-running case against Sabrewatch for deploying unlicensed operatives back in 2005, when the Regulator was first established. The company and its three directors were fined a total of more than £125,000 at Southwark Crown Court.

The Security Industry Authority was awarded costs of £1 million at a previous hearing, during which the court also made a confiscation order of £100,000 under the Proceeds of Crime Act.

This case confirmed the Regulator’s will and power to prosecute, and closed a chapter by concluding a case which had been running since the Security Industry Authority’s early days.

Another example of successful prosecution, in June 2011, concerned two security directors ordered to pay fines and costs of almost £30,000 after pleading guilty to failing to provide information to the Security Industry Authority and making false statements.

Not all of our enforcement activities involve security suppliers or employees. Earlier this year, following a widescale training malpractice investigation involving Security Industry Authority investigators, the Metropolitan Police Service, awarding bodies, the qualifications regulator Ofqual and the UK Border Agency, four London-based training providers had their approval to provide Security Industry Authority licence-linked training removed, and 300 qualifications awarded by them were withdrawn.

Looking forward: compliance under a new regime

In October 2010, the Government announced a “phased transition to a new regulatory regime” for the private security industry. The Security Industry Authority is currently working with the Government and the security industry to plan how private security in the UK will be regulated in the future.

It is worth noting that until the new regime is in place, the Private Security Industry Act 2001 remains law: it is a criminal offence for security operatives and those deploying them to work in licensable activities without a valid Security Industry Authority licence.

We and our partners continue to ensure that the law is properly enforced.

A point made consistently by many stakeholders, and by many in the private security industry, is that there must continue to be strong compliance and enforcement. Government ministers have also made statements to this effect.

Representatives of the industry have been particularly clear with us that a consistent approach is vital such that the industry understands the requirements that must be met, and that a compliance and enforcement strategy must be maintained, both during the transition to the new regulatory regime and once the new regime is in place.

We have been developing ideas of what we think effective compliance and enforcement will mean in the new regime.

There need to be a few caveats at this stage: the proposals for the new regime are still subject to formal consultation and a full impact assessment will be published near the end of 2011. Subsequent to responses to that consultation, ministerial agreement will be needed and then the successful passage of a Bill through Parliament.

So there is much that needs to happen before we can say for certain that this is how we will achieve compliance in the future. However, we can set out details of our thinking at this stage.

Thinking at the present moment

The main focus, and a significant feature of the new regime, will be the licensing of security businesses, though the Regulator will continue to maintain a register of individuals who work in the industry. Responsibility for the proper deployment of registered individuals will rest with the security business.

The new regulatory body will continue to work in partnership with others in law enforcement, other stakeholders and with the private security industry in much the same way that the Security Industry Authority has done. Compliance will be achieved by a combination of supporting and helping those wishing to comply and tackling those who risk non-compliance.

Five key areas have been identified that will enable strong compliance and enforcement in the new regulatory regime. These will need to be incorporated into legislation if they are to be taken forward.

These five areas are as follows:

(1) Sanctions: a range of sanctions to enable a proportionate response to non-compliance and support compliance. We are considering the introduction of civil penalties, to be used in cases of non-compliance, whereby criminal prosecution is not necessary in order to act as a deterrent and change behaviours.

(2) Information gateways: providing a legal gateway for the sharing of appropriate information with stakeholders, including extending the existing arrangements with some important law enforcement partners.

(3) Investigation powers: investigators continue to be equipped with all the tools to do the job, including appropriate legal powers to investigate and gather information.

(4) Offences: to ensure that the new regulatory regime and its policy goals are underpinned by statutory offences. We will review all current offences and identify new offences required to support business licensing. We are also considering a new offence to target complicit buyers of unlicensed security.

(5) Prosecution: the new Regulator should have access to criminal sanctions to be used in the more serious cases of non-compliance.

Risk-led strategy based on intelligence

The new Regulator will continue to be risk-led, using intelligence to prioritise and decide how to use resources based on the risk to the public. This will mean tackling the most serious non-compliance, working with partners to share information and carry out joint operations and initiatives as well as making compliance efforts as visible as possible.

Compliance and enforcement will be strong and effective to protect the public and the investment of legitimate businesses and individuals. Risk to the public will be identified, prioritised and targeted. The Regulator will have appropriate powers to enforce effective compliance and enforcement activity, and access to the right to prosecute as a last resort.

There will be appropriate appeals arrangements, expected to be through the courts.

Our plans are that the Regulator will continue to have the power to: conduct formal investigations, suspend or revoke licences and registrations, gain reasonable access to people, documents and premises, publish its enforcement actions in the public interest and allow the exchange of intelligence with other enforcement agencies through formal gateways.

Administrative sanctions will include warnings, improvement notices and changing or applying additional licence or registration conditions.

It's possible that the Regulator may also have powers to impose fixed monetary penalties, compliance notices, asset recovery of criminal proceeds and variable monetary penalties but this, like much of the framework, will first need to be approved by Government.

We will build on existing effective partnership working with the police, local authorities and others. We are already increasing the degree to which we work jointly with HM Revenue & Customs and with the Serious Organised Crime Agency. There are some encouraging initiatives underway, and we have particularly strong partnership ties with law enforcers in Scotland.

The evaluation of these initiatives will ensure that we are effective in working with all partners in the new regime.

So there is much change ahead, but working with the industry and Government we aim to put in place an effective regime to ensure the proper regulation of the industry into the future.

Drawing on our experience and successes in compliance and enforcement since the start of the Security Industry Authority, we will ensure that regulation continues to be effective and trusted, supporting compliance but taking action against those who fail to meet the new criteria or break the law.

Dave Humphries is director of compliance, intelligence and communication at the Security Industry Authority