Continuing our UK theme this week, we note a birthday anniversary and the anniversary of an event involving two quite different Charlie’s. The first is the anniversary of the Battle of Culloden, where in 1746 the English forces, led by the Duke of Cumberland, defeated the Scottish Jacobites, who supported the last serious Stuart Pretender to the English throne, Bonnie Prince Charlie. This battle not only cemented the House of Hanover’s seat on the English throne but also led to the decimation of the Scottish Highland Clans. In a very different anniversary celebration, we also note the birthday of Charlie Chaplin, born in 1889. Yes, the Little Tramp was a Brit.
Whilst flying over to the UK I caught up on some reading, including the Saturday Wall Street Journal (WSJ). In an article, entitled “Why Airport Security is Broken-And How to Fix It”, Kip Hawley, the former head of the US Transport Security Administration (TSA) provides his prescription on how to fix what he calls “the national embarrassment that our airport security remains”. Pretty strong language by someone who has been “to the top of the mountain.” While I find the security checks we all now go through only mildly inconveniencing, Hawley writes that the US airport security remains “hopelessly bureaucratic and disconnected from the people whom it is meant to protect.”
Hawley believes that the TSA has an incorrect approach to proportionality of the risk faced. He says that by attempting to eliminate all risk, the system is not only a “nightmare for U.S. and visitors from overseas” but that this system is “brittle where it needs to be supple.” In the aftermath of the post 9-11 attacks the system was designed so every passenger could avoid harm while traveling. Hawley believes that some of the risk factors which led to the 9-11 attacks have been remedied, such as box cutters or a small knives that could breach a cockpit door; more Federal Air Marshalls traveling on flights and greater passenger awareness and willingness to respond to such an emergency. He believes that the risk, which is now paramount, to manage is to stop a catastrophic attack. In short the risks have changed but the TSA have not changed to manage new or other risks.
Hawley lays out five changes which he believes would go a long way towards allowing the TSA to properly manage this risk of catastrophic attack:
- No more banned items. By listing every banned item, you make each X-Ray scan an “Easter-egg hunt” and provide terrorists with the list of items the TSA will look for.
- Allow all liquids. Hawley believes that “simple checkpoint signage, a small software update and some traffic management are all that are standing between you and bringing all your liquids on a plane. Really.”
- Give TSA officers more flexibility and rewards for initiative and hold them accountable. There must be more independence for TSA officers ‘on the ground.’ Currently if you initiate independence as a TSA officer, you are more likely to be disciplined rather than rewarded.
- Eliminate baggage fees. The airlines bags fees cause more passengers to bring bags on planes, which requires more security, increases costs and slows down the process which in turn requires airlines to charge more for tickets because there are more delays.
- Randomize security. If terrorists know what to expect at airport security, they have a greater chance to evade the system. Hawley’s answer is to randomize more security checks while not subjecting every passenger to the current full security compliment.
I have set out Hawley’s thoughts in some detail because they point to how the UK Ministry of Justice (MOJ) suggests that a company should begin its anti-bribery/anti-corruption compliance program. It discusses what constitutes the Six Principles of an Adequate Procedures compliance program in Principle 1, entitled Proportionate Procedures, the MOJ Guidance states, “A commercial organisation’s procedures to prevent bribery by persons associated with it are proportionate to the bribery risks it faces and to the nature, scale and complexity of the commercial organisation’s activities.” In other words, adequate anti-bribery prevention procedures should be proportionate to the bribery risks that a company faces. It all begins with a risk assessment, but the Guidance recognizes that “To a certain extent the level of risk will be linked to the size of the organisation and the nature and complexity of its business.” However, company size is not to be the only determining factor as certainly smaller entities may face quite significant risks and, therefore, need more extensive procedures than their counterparts facing limited risks. The Guidance does recognize that the majority of small organizations are unlikely to need procedures that are as extensive as those of a large multi-national organization.
The level of risk that a business may face will also vary with the type and nature of the persons with which it is has third party relationships. A company that properly assesses it has no risk of bribery on the part of one of its third party relationships will accordingly require nothing in the way of procedures to prevent bribery in the context of that relationship. By the same token the bribery risks associated with reliance on a third party agent representing a company in negotiations with foreign public officials may be assessed as significant and accordingly require much more in the way of procedures to mitigate those risks. This means that companies will be required to select procedures to cover a broad range of risks but any consideration by a “court in an individual case of the adequacy of procedures is likely necessarily to focus on those procedures designed to prevent bribery on the part of the associated person committing the offence in question.”
Near the end of this section of the Guidance it states, “the procedures should seek to ensure there is a practical and realistic means of achieving the organisation’s stated anti-bribery policy objectives across all of the organisation’s functions.” This sounds quite similar to Hawley’s plea that the TSA needs to change its risk management away from protecting every passenger from harm while traveling to preventing a catastrophic attack. But perhaps this final point from the Guidance points up to why the TSA cannot or will not make this change in risk management. They have not received firm guidance from the Executive Branch or from US Congress on what their primary mission is, and hence the primary risk the TSA must manage. In other words, if top management does not support the Compliance Department or forces it to focus on the wrong risks, a Compliance Department may well miss the mark and cause its clients, the business unit personnel to become fed up and just as irritated with the Compliance Department as Hawley believes the traveling public is with the TSA. In other words, tone at the top does matter. Not only must senior management support the compliance function but it should support it, with the appropriate financial resources and tools to manage the correct risks.
This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at firstname.lastname@example.org.
© Thomas R. Fox, 2012