The contract the Security Industry Authority agreed with BT in Liverpool for effectively delivering the licensing system runs out in late 2013. In pre-planning, the Regulator has already been working on a future operating model.
“This is a change framework that sets out the principles we have, and what the journey will be to a new regulatory regime.”
Apparently, and perhaps not surprisingly, that framework makes for “a huge document” that keeps on getting larger, but it’s also a very short presentation.
“What primary legislation will allow us to do is address the fundamental arrangements around which regulation works,” suggested Butler. “The Private Security Industry Act 2001 lets us address some really odd anomalies. For example, at the moment if we want to change the application form we can’t just go ahead and do that. It has to go in a statutory instrument.”
To describe that particular ‘handcuff’ as absurd would be something of an understatement, but that’s the way it is.
“Also, there are questions around what enforcement powers you would need against businesses under the new regime. At the moment, the enforcement powers we have against businesses and their chosen deployment of individuals are fairly limited.”
For Butler, as things stand it’s a bit of a nuclear option. “We can either prosecute or warn that, if behaviour doesn’t improve, we can then prosecute. What we don’t have in place are sanctions for enforcement short of that measure.”
There’s a big question around how this procedure will work with security businesses. However, help may be at hand. The Gangmasters Licensing Authority licenses businesses. The Gambling Commission, too. In short, there are models in place showing how it can be done.
Scotland and Northern Ireland: what’s the situation?
“Scotland and Northern Ireland have fully devolved responsibilities for private security provision, and must make their own decisions about the way forward. In the end, it’s for them to decide what they want to do.”
Butler’s lasting hope is that he can find a set of arrangements which are broadly acceptable and flexible enough to accommodate the views of practitioners north of the border and across the pond.
“We cannot guarantee that, of course. As I said, in the end both administrations have the right and responsibility to consider and make their own decisions.”
The regulatory regime in Scotland has been rolled-out for three years, of course. It’s firmly established, and some really good enforcement work has been carried out (most notably in Glasgow). Importantly, there has been powerful support for that work. Put simply, the Scots want regulation to stay.
In Northern Ireland, regulation has only been rolled-out for a year, but the progress has been – in Bill Butler’s own words – “brilliant”.
“We’ve licensed over 10,200 individuals,” he enthused. “The audits we’re carrying out show that compliance rates are north of 90%, which is remarkable. That’s a great start. However, you couldn’t say regulation is yet established there, or indeed totally understood by all.”
What does the change framework look like?
“Our change plan or change framework starts off with some basic principles which are close to, but not the same as those enunciated in the Security Alliance’s position paper,” stated Butler, who talked me through each of them in turn.
- Principle 1: Ensure robust compliance to protect the public and the interests of the legitimate industry
- Principle 2: Ensure governance arrangements outside the NDPB sector under the Public Bodies Bill
“That first principle is vitally important,” stressed Butler. “In terms of the second principle, right now it’s difficult to establish what that will look like. The Cabinet Office is working on this area across lots of business sectors.”
- Principle 3: Significant transfer of responsibility to the industry and a matching reduction in the role of the SIA after the 2012 Olympics
On this point, Butler said: “That’s really all about picking up responsibility for the individual. Our initial thinking on how that might work is starting to come together.”
- Principle 4: Regulation based on a registration scheme for businesses and individuals to ensure their fit and proper status
“It’s worth bearing in mind here that we, as the Regulator, must ask individuals if they are fit and proper and qualified to work in the industry, not if they can do the job. There has been a common misconception surrounding this important point.”
In a similar vein, the ACS divides between two areas of questioning: is the business fit and proper, and what are the quality standards for the business?
“It’s a significant step in the business sector to actually up the ante,” continued Butler. “To be clear on the fit and proper side of things you have to move the quality stuff into a voluntary and industry-led regime while maintaining the business registration scheme.”
While Butler doesn’t yet know what the company scheme is going to look like, and it would be unwise to make absolute guarantees in any case, he finds it “very difficult” to imagine a scenario wherein those firms who are already in the ACS will not transfer – or ‘brigade through’, as he terms it – into the all-new registration scheme.
“Why on Earth would companies want to opt out of the ACS when it’s the only business leaders’ register we have?”
Is it set in stone that the ACS will disappear?
“The proposal is that the ‘quality’ part of the scheme, or the hallmark if you like could still be there. You could envisage a situation where the ACS trademark is owned by the new Regulator, but the operation of that quality arrangement would sit not with the Regulator but with the industry itself.”
One of the important points to note is that ACS companies have already had an initial fit and proper assessment.
“What we don’t want to happen,” stressed Butler, “is companies dropping out of the ACS and then finding they have to go through the registration process again to determine they’re a fit and proper business to join the new scheme.”
- Principle 5: Focus compliance and enforcement activity on areas of greatest risk to public safety, in particular supporting action against organised crime
“We’ve prevented around 50,000 individuals from working in the industry,” said Butler. “That figure includes those who’ve applied for a licence, but doesn’t take in those who know they wouldn’t qualify and haven’t applied.”
Butler is adamant this is what the SIA was set up to do, and that those figures are a pretty good indicator of success.
“I’m not suggesting you cannot wander around and find some people with a licence when they shouldn’t have one. After all, we’ve had a police service in place in the UK for many years now, but I’ve still been burgled three times. These things happen, but we know from our enforcement work that compliance levels are consistently well into the mid-90% levels. Regulation works, but we do need to move on.”
- Principle 6: Reduce the direct costs of regulation
“For example, we want to reduce the direct costs of regulation, particularly for individuals, although I think it’s probably fair to say what we’re looking to do is make sure that the new regime doesn’t cost any more in real terms than the old one.”
In truth, Butler’s confirmed hope is that the new regulatory regime he’s helping to forge will cost less, but there’s a touch of realism added to that notion. “What we’re not going to do is say that it will be a £50 million business in future.”
Butler believes he’ll be helped in relation to this particular task because the key regulatory focus will now be on businesses.
Using ‘accountant speak’ drawn from his previous commercial life, Butler said: “The multiplier on businesses is about 4,000 rather than 350,000 individuals. If you just work through the situation, there’s almost an inevitability about the cost of licensing 350,000 individuals. It’s a big multiplier.”
- Principle 7: Meet the particular requirements and concerns of the devolved Governments
As mentioned earlier, the regulation scheme must be flexible enough both in terms of its introduction and application to allow the devolved regimes to take their decision as to whether they want to be in or out.
Key features of the new regime
- There should be an independent regulatory body that’s not an NDPB to manage the processes and systems that will support the new regime.
“That obviously ties in with the primary legislation to have such a body in place,” explained Butler.
- (2) The need for a framework that allows the registration of both businesses and individuals
What’s interesting in the speech that Baroness Neville-Jones made in the House of Lords is that there’s quite an important shift of thinking involved. Although both businesses and individuals will be registered, the prime lever for regulating the industry will be the former.
“The registration and licensing of individuals is to be set within the context of the business registration scheme,” said Butler. “That situation will be made possible by businesses taking overall responsibility for how they deploy individuals who are properly skilled to meet the defined risks.”
- (3) Registration through a simplified, re-engineered and e-enabled system
“This is a big task in its own right,” outlined Butler. “As I said, our contract with BT provides a robust and workable solution. It does what it says on the tin, but I’m mindful of the fact we need to move on.”
According to Butler, the system in place is a little dated. “We want to create a solution where people can come to our system and deal with us in the same way they would, for example, their own bank. We don’t want them to be filling in lots of paper forms.”
Indeed, as far as Butler’s concerned the existence and operation of that new system is absolutely key to making the rest of the change programme work.
However, what this element of regulatory modernisation is not going to turn into is a huge IT contract using ‘sharp edge’ technologies.
“Our intention is to move forward in chunks,” explained the SIA’s CEO. “We’ve started already, of course, with the e-fill form. We’re building slowly. It’s a big piece of work to change the system, and we’re aware of what’s needed.”
Butler was fulsome in his praise of BT. “The work that BT has conducted over the last few years is as much a part of the success of regulation to date as anything we’ve done here at 90 High Holborn, particularly so given that the contract for both parties is a demanding one.”
- (4) Access for most registrations facilitated through trusted service partners
Butler explained: “What we would do here is effectively accredit people to be able to access the registration system. A trusted service partner might be a private security company, a training organisation or an accreditation body. It could even be a local authority.”
Butler rightly pointed out that there’s a cost involved in having the right standards of security around your IT system.
“You need to trust people to deliver. There cannot be a relaxation of the standards, but there’s no reason why, with the right technology, auditing and accreditation you cannot trust people to play their part in this process.”
In turn, that reduces significantly the burden on both businesses and individuals in terms of how all this will work in the future.
- (5) Qualifications for individuals managed by the industry
With Chartered status looming for security professionals, there’s the makings of a network for skills and training and an overall professionalisation of the security sector.
It’s right, then, that the industry picks this baton up and makes its own well-considered decisions as to what’s required.
- (6) Professionalism and quality levels: the responsibility of the industry
“That includes making decisions about running any quality schemes for businesses,” said Butler. “It’s clear that things are moving on. The standard of training in businesses across every licensable sector has risen. It’s one of those areas where the industry makes this happen.”
- (7) Robust arrangements to ensure compliance with the new regime
Butler “took comfort” from Baroness Neville-Jones’ speech in the Lords when the security minister said this element will include sanctions to prevent those businesses who cross the line from trading at all.
“I hope that the majority of people will behave and improve, but you have to draw a line in the sand somewhere,” suggested Butler. “If companies don’t behave, and consistently don’t behave, then they cannot be allowed to trade.”
Butler “fully expects” that there will be proper regulatory approaches in place to make that situation a reality.
- (8) The scope of the regime will be reviewed with the industry and other Stakeholders as the new regime is established
One of the things Butler recognises, and which was picked up during the 28 February debate in the House of Lords, is that there cannot be a business registration scheme put in place that doesn’t recognise the variety of businesses prevalent across the industry.
“There are many SMEs, for example. Any regime we form has to have arrangements that allow small businesses to enter the market at reasonable cost and not to be disadvantaged, both in terms of how the regulatory system works and how much it costs to them.”
That’s not to say anyone should be able to enter a regulated industry for nothing. “The ACS scheme has small and large companies within it as members, so we have a model as to how the future arrangement might work,” commented Butler.
Private investigators, consultants and in-house
“What we also need to look at is those sectors which have never been brought in to the regulation environment. Private investigators, the whole issue of security consultants and in-house.”
National Doorwatch Steering Group chairman Ian Fox recently suggested it’s high time we removed the “farcical pretence” of any difference between a security operative who works in-house or one who works for a private contractor.
“The simple test should be if it looks like a duck, walks like a duck and talks like a duck then it IS a duck” is the line taken by Fox, and many would agree with such sentiments.
The proposal from Butler is that options for bringing these sectors into regulation remain in place. “However, you can only look at them now in the context of the new regime being established. At present, there’s no point in trying to work out how we would do this.”
Of course, you could produce an argument to say the time is very much opportune to look at these areas.
“It’s important we don’t close down the options. Indeed, the new regime must be flexible enough to accommodate other sectors. However, it would be difficult to swallow such changes now in practical terms, and also in terms of how you would make decisions about how it would work.”
In essence, then, the regulation of these sectors has been parked or postponed for the time being, but not abandoned.
“We cannot lose track of security consultants, for example,” stated Butler, “if we’re going to talk about how businesses are managed in the future.”
In Part Three of this exclusive interview (to be published at 9.00 am tomorrow morning), the SIA’s CEO Bill Butler talks to Brian Sims about regulation’s change framework, the key risks and dependencies associated with it and the next steps to be taken.