Author: Colin Farrow

The Charity Commission’s report of the inquiry into safeguarding failures at Oxfam was published in the last week. 143 pages of in-depth investigation and review into alleged inappropriate behaviour by Oxfam workers in the field and the systemic issues that allow such failings to happen and to go unchallenged for far too long.

The background to the inquiry has been well covered in the media; that during its operational response to the earthquake in Haiti on 12 January 2010, a number of individuals were implicated in sexual abuse and exploitation, as well as drug-taking. Much of the report deals with the case handling of incidence of use of prostitutes, some of whom were reportedly under-age, by members of the agency’s staff, Oxfam’s responses to it and how individuals involved are able to move apparently unhindered between organisations.

From a screening point of view, an interim report to Oxfam’s board by an external HR consultant in March 2018 described the vetting and referencing of candidates as exhibiting “… inconsistency combined with a lack of thoroughness.” So what are the lessons that those responsible for screening policy for their organisation can learn from this report?

1. Understand the difference between a personal and a corporate reference.

The report recognises the importance of gaining a proper corporate employment reference. It observes that some charities compare less favourably to Oxfam in this respect, noting that “In two cases, the recruiting organisation had not obtained official references from Oxfam GB but had taken personal references from serving or former Oxfam GB staff members. The recruiting organisations appeared to have accepted these as being official references.”

However, it’s not always easy to tell a corporate reference from a personal one. In one example, the report highlights an Oxfam staff member responding to a reference request from an Oxfam email address, stating “I have no hesitation in recommending him to you.” This was in contravention of Oxfam’s guidelines at the time that stated a reference could only contain start date, end date and job title. The fact that the reference was sent from an Oxfam GB email address suggested it was an official reference.

Affordable Screening’s guidance is that a corporate reference should be from a corporate email address or on headed paper AND should be made by a line manager of the individual or a member of the HR department.

2. Do not rely on a single employment reference

Relying on a single reference exposes the recruiting organisation to significant risk, especially when you consider that in one case of onward hiring from Oxfam to another charity, according to the report, “… the referee was a former staff member who had not only been involved in the individual of concern’s disciplinary case in Haiti, but was subject to disciplinary action themselves as part of the internal investigation, having received a final written warning.”

The report highlights an independent review team finding “… evidence where only one reference had been requested and on occasions, a level of ambiguity clearly existed about referencing for existing Oxfam GB staff moving internally or for those who had been previously employed.” When staff and volunteers were asked about their experience of being recruited into Oxfam “… a small number said they were only asked for one [reference] and a minority could not remember. Overall 5.3% were not asked for a reference.”

Affordable screening’s guidance (for hiring not requiring BS 7858) is in line with the recommendation contained within the report; that the hirer should take up a minimum of two official employment references, one of which should be from the most recent employer. We would go further and recommend that one character reference should also be obtained to complement the two employment references.

3. Recognise the importance of DBS Checks

The report recommends “a new DBS check at enhanced level for every new member of staff who works directly with, or has regular contact with, children or vulnerable adults in the UK (consistent with DBS guidance and relevant law)” and for that check to be repeated every three years.

In the case of charities like Oxfam, with trading operations, the requirement extends to personnel in its shops. The report notes that “95% of shop managers had now been DBS checked,” but what of the other 5%? The report also notes the need to take this “… beyond shop managers to include key volunteers and other staff.” A huge undertaking for such organisations, but one that should be regarded as a core part of a robust safeguarding strategy.

DBS Checks are an important element of Affordable screening’s guidance where the law makes provision for them. In many situations a standard check may be sufficient, and where possible we would argue that all colleagues, clients and members of the public coming into contact with an organisation’s employees are deserving of this important safeguard.

4. Develop guidelines for pre-emploment, screening, in-employment screening and reference responses and apply those guidelines consistently

No need to enlarge on this.

Closing thoughts

On one level one may feel some sympathy for Oxfam. The charity is by no means alone in failing to meet high standards of safeguarding. It’s been hauled over coals in the most public fashion. Heads have rolled and substantial repetitional damage has been sustained. It’s had to withdraw temporarily from bidding for government funding for new aid projects.

But it has badly let down its donors, supporters and some of the people it exists to help. To her credit Caroline Thomson, Chair of Oxfam GB Trustees, has been unequivocal in apologising for the failure and avoided making excuses for it. A lot has clearly already been done to improve procedures and a new Global Safeguarding Director, Clifford Isabelle, has been appointed to elevate safeguarding to board level.

Oxfam’s mission has great value and we’ll all hope it can repair its shattered reputation and continue its great work.

Further reading

• Understanding and evaluating Insider Risk

With the festival season approaching, now is a good time for event contractors and organisers to review their approach to screening stewards.

For many Approved Contractor Scheme (ACS) security companies that deploy non-licensed staff on stewarding duties it’s a no-brainer. Stewards involved in front-line visitor assistance and health and safety support occupy a position of trust to a similar extent as a security officer and should therefore also be screened to BS 7858. For those companies, screening all deployed staff to BS 7858 is a badge of honour and may also be a useful differentiator, conferring competitive advantage when bidding for contracts. Event organisers will be appreciative of this higher level of assurance.

For other companies the short term nature of a steward’s employment, the rate chargeable and the lack of specialist skills mitigate against the administrative effort and cost of screening. This may especially be the case with smaller contractors providing stewards for smaller, lower profile events.

So, if you’re on the screening fence what factors do you need to take into account?

Firstly, it’s worth considering when it’s appropriate to deploy a non-licensed individual to stewarding duties. The Security Industry Authority (SIA) indicates five very clear activity-exemptions from deploying licensed security operatives:

• Responsibility for the health and safety and comfort of spectators within a designated area
• Monitoring and maintaining the pedestrian flow at key locations e.g. entry and exit points.
• Providing guidance and direction to visitors arriving by car or on foot, including the management of roadway crossings to ensure the safe passage of visitors over the roads
• Reporting to a supervisor or safety officer any damage or defect which is likely to pose a threat to spectator ‘health and safety’ e.g. a damaged seat or barrier
• Volunteering

So, in principle, as long as your non-licensed stewards don’t cross any lines, for example actually screening a visitor to establish their suitability to enter a venue, the requirement for them to have an SIA license (and, if you’re ACS, to screen to BS 7858) may not apply. But beware of grey areas! For example, if your steward should decide on their own initiative to intervene in an unexpected conflict event – say to come to the aid of a colleague being assaulted – an exclusion exists. But, if there’s an expectation they should be prepared to do so, the role becomes licensable and a licensed security officer must be deployed in the role.

Secondly, and taking a wider view of your safeguarding responsibilities, it’s worth considering that when you deploy a non-licensed individual you’re not getting the assurance of that individual having undergone a DBS check, which of course comes with the SIA license. For that reason ‘BS 8406:2009 Event stewarding and crowd safety – Code of practice’ recommends that where an individual is employed in a position that does not require an SIA licence, the service provider obtains a DBS check.

Still on the fence?

Whether you’re ACS or not, you need to balance the costs of screening non-licensed stewards against brand protection and your overriding responsibility for visitor wellbeing. Our view? As a minimum, you should be looking at Right to Work, DBS Check, character reference and two employment references. If in doubt, talk with your ACS advisor. If you’d like to discuss a bespoke screening package for your event stewards at a surprisingly affordable cost please email info@affordablescreening.com or call us on 0345 257 3400.

Further reading

• Security at Events Guidance – Security Industry Authority

“Do what you do best and outsource the rest” was the challenge posed by Peter Drucker – widely accredited with developing the case for outsourcing back in the late eighties.

For those of us who’ve experienced running businesses in the facilities management sector, the arguments for outsourcing are well rehearsed. We use them in our marketing all the time. So widely established are they that we expect these arguments to fall on fertile ground with most business managers. So why do we hesitate in fully embracing outsourcing for our own businesses?

It’s worth reminding ourselves of the arguments:

1. Focus company resources on your core activity

If you’re a security company providing people, selecting, training, deploying, motivating and managing security officers should be your overriding concerns; all of your resources should be focussed on these activities. Anything else – running computer systems, maintaining your offices, screening new recruits – distracts you from your core activities. And if you’re distracted by the non-core minutiae of supporting activities you won’t be providing the exceptional front-line service that your clients love and value you for.

2. Get access to highest quality specialist suppliers

If you have your own staff performing non-core supporting activities they may well not be as efficient or as capable in doing those things as a specialist supplier would be. Because your specialist supplier provides the non-core service for many clients, they’ll have more opportunity to learn better and more efficient ways of delivering the service and to evolve their service to stay in line with industry best practice and any regulatory requirements. In other words, they should be better at it, and because they’re better at it the improved efficiency will contribute to your overall effectiveness as a business.

3. Create the ability to flex capacity

If you should find that business volumes turn down, and if you resource non-core activities with internal staff, you’ll find yourself carrying expensive surplus overheads and will face difficult decisions. With an outsourced supplier, you simply reduce the amount of work you give them and your costs reduce in-line, immediately. You don’t have that same flexibility with internal resources. The temptation is to retain those resources on payroll in anticipation of the volume of business increasing again, which may or may not happen.

Expansion of business can pose the opposite problem. With internal resourcing, as the volume of work exceeds the capacity of staff to handle it, you’ll face a lag in response as you attempt to hire more staff and, in the short term, quite possibly an increase in unit costs if you need to run overtime to plug the capacity gap. A good outsourced provider should be able to accommodate the additional volume easily and may even offer you a lower unit rate as the volume discounts you’ve sensibly negotiated come into play.

4. Increase accountability

As a responsible employer you’ll want to support your employed staff through any problems that affect their productivity or availability. Thus, a spell of illness or absenteeism for whatever reason will impact capacity, productivity and unit cost of the non-core activity concerned. It’s easier to apply and enforce Key Performance Indicators with outsourced suppliers. If they fail to meet agreed KPIs it’s their responsibility to rectify the situation. Ultimately, if they fail to do that you fire them, without distracting and often costly complications.

5. Reduce costs

Cost reduction is a lot like marketing; the best businesses do it all the time. A financial downturn is not the time to start a cost-reduction programme, just as a slump in business shouldn’t be the signal to create a new marketing campaign. It’s too late!

In principle, with many non-core support activities, by the time you take into account all of the costs associated with doing them in-house it will almost certainly be cheaper to outsource them. Unit costs go down, margins go up. And that assessment has to take account of opportunity cost for your own resources. If your staff weren’t spending their time labouring on non-core activities, what impact could they be having on delivering a better service to your customers?

The Outsourcing Dividend

In principle, by identifying non-core activities, recruiting the right outsourcing partners and negotiating the right contracts, there’ll be an outsourcing dividend for your business. How you use that dividend will depend on your business strategy and where you are in your particular business cycle. It could be re-invested into your business, it could be banked as retained profit and/or distributed to your shareholders.

Finally, no business blog post worth its salt (in these times) would be complete without some reference to Brexit, so here it is. Even the most ardent Brexiteer would acknowledge that the UK business environment is facing a period of uncertainty. The extent of the impact of Brexit is unclear. That there will be an impact is unquestionable. In uncertain times we should be looking to sharpen our delivery. We should be focusing on improving quality and value to our customers to maximise our competitiveness. We should be engineering agility into our businesses and, where we can, reducing the cost of non-core activities.

In enterprises of all kinds, whether private, public or not-for-profit, we manage risk.

Risk comes in many forms – strategic, financial, operational, environmental. This review of evidence focuses on a particular type of risk that increasingly occupies the minds of managers and has as much potential to derail our corporate plan as any other. We’ll refer to it as Insider Risk. It concerns people. The people we hire.

Financial fraud and theft of assets

PwC’s Global Economic Crime Survey 2016 reports that 55% of UK respondents reported experiencing economic crime in the last 24 months, with 31% of fraud being committed by internal perpetrators. Looking further into the seniority breakdown of this group, PwC found that 28% of internal fraud was committed by Junior Staff, 36% by middle management and a striking 18% by senior management.

Separately, in a review of recorded thefts by employees statista.com reports that the number of police-recorded ‘theft by an employee’ offences in England and Wales was 10,347 in 2016/17.

Safety and wellbeing of co-workers

The Health and Safety at Work etc Act 1974 (HSW Act) makes it clear that employers have a legal duty to ensure, so far as is reasonably practicable, the health, safety and welfare at work of their employees.

In a post-Weinstein era, it’s clearer than ever that enterprises owe it to their staff to ensure that the person sitting at the next desk does not pose a risk to their safety and wellbeing. This is not a new concern as research from the Academy of Management (http://aom.org) illustrates.

More recent figures from the crime survey of England and Wales show that 8% of assaults and 12% of threats experienced at work in 2015/16 were from colleagues.

Safety and wellbeing of clients and their customers

A parallel risk is that posed by rogue employees to clients and their customers. Many enterprises assume that they’re not legally responsible for the actions of employees toward individuals. However, in 2016 the UK Supreme Court gave judgment in the case of Mohamud v Wm. Morrison Supermarkets plc, confirming that an employer can be held liable for an assault on a customer.

Beyond legal responsibility there is, of course, moral responsibility. Knowingly or by omission exposing third parties to risk of financial, physical or emotional harm would be considered unacceptable by most of us, which relates to reputation and brand, which we’ll consider last.

Imposter performance risk

Performance risk is inherent in inviting a new colleague into an organisation. We mitigate that risk by crafting induction processes to help new employees acquire understanding of organisational and brand frameworks. We describe ‘learning curves’ to model the acquisition of knowledge and experience needed to turn the new employee into a fully productive member of the team

But if that new employee is not the person they purport to be, performance risk is raised to a whole new level, especially if the new employee occupies a senior position.

In December 2017, the Daily Mail reported on an oil industry executive who had falsely claimed academic qualifications and research publication credits to land a Managing Director position with a Darlington engineering company. The deception was discovered after many months when the individual’s performance in his role failed to meet the standards expected, putting strategically important contracts at risk. The judge, in his summing up in the resultant criminal trial stated “… had the firm not promptly discovered his deceit it could have cost them contracts worth millions.” The erstwhile MD was given a 12-month custodial sentence.

Reputational/Brand damage

Your brand can and should be your most valuable asset, and reputation is a major component of brand value – the extent to which the community feels it can rely on your enterprise to deliver quality products and services consistently and safely.

And yet, according to Harvard Business Review “Most companies, however, do an inadequate job of managing their reputations in general and the risks to their reputations in particular. They tend to focus their energies on handling the threats to their reputations that have already surfaced. This is not risk management; it is crisis management—a reactive approach whose purpose is to limit the damage.”

Recent research by Nielsen underlines that employees are a company’s greatest assets when it comes to reputation management. “From a reputational perspective, employees can play a big role in both protecting against and introducing risk.”

Mitigation

The bad news is that we can never be absolutely sure that bringing new hires into an organisation won’t expose us to one or more of the above risks. The good news is that there is one single mitigation that eliminates the largest constituent element. Screening ensures that the people you hire are representing themselves with honesty and integrity. Failing to adequately screen incoming employees exposes your reputation and your brand to uncontrolled risk.