Interviews

Bill Waite, Risk Advisory Group

by Mark Rowe

The UK is good at, and London is a centre for, risk management consultancy – to help businesses chart a course through ever more complex rules and some difficult places. The proposed licensing of private investigators is a risk faced by the risk consultancies. We visit one.

Bill Waite is holding a can of soft drink when he greets me, but the casual appearances – he’s not wearing a tie – deceive. The CEO of Risk Advisory Group, and the business risk consultancy he founded, are hard-working and business-like. As those at the Security Industry Authority annual conference would have heard in November, when Bill Waite went through his queries about the proposed SIA licensing of private investigators. In a meeting room – I sit at a corner of the table where there’s his business card – Bill pours me coffee, offers some biscuits on a white plate, and makes his case.

First problem – and showing his legal background? – he points to the very wide definition of investigator in the original, Private Security Industry Act 2001 (PSIA) – ‘schedule two, paragraph four’. It covers anything, unless you are a private individual, around making enquiries to obtain information about a person; or a set of facts. The definition could include head-hunters; a private equity house looking at a deal; or a nominated adviser (NOMAD) looking into a listing on a stock exchange. “It’s so wide as to be impossible to effectively regulate.” He recalls that the law was meant to protect the public from people who were pretending to have investigative skills they didn’t have, and who were ripping off clients; or, the law was to protect people from invasive investigative techniques, such as physical surveillance.

The SIA, Bill suggests, does not know what such firms as Risk Advisory do and would not know how to regulate them. How to train the investigator who does due diligence or seeks to trace assets; and how to certify that the training is good? More than once Bill makes the point that he isn’t against regulation, ‘but it should be directed at the identified harms, which were behind the [PSIA] Act in the first place’. What then, does a firm such as Risk Advisory do (others include Kroll; and Control Risks, which are only based along the road from Risk Advisory on the south Bank of the Thames). “A lot of what we do is about ensuring that corporates discharge obligations placed on them by the state, to protect the integrity of the financial markets, to ensure they don’t breach the Bribery Act, they don’t fund terrorist groups, transfer technology in breach of sanctions.” Bill says there’s a risk that a very broad regulatory regime might actually hinder their ability to do these things. Risk Advisory is speaking with the Home Office (as it’s Home Secretary Theresa May who in the summer said the SIA would do this licensing) and the SIA, ‘to try to make them more aware of the issues, in the hope but not the expectation’ to change the primary legislation, the PSIA; or the exemptions; or in some way affect the impact of the Act on companies like Risk Advisory. Bill Waite raises the point that Theresa May has spoken of having the licensing running in 2014 – in regulation terms, that’s very soon. “Our suggestion would be that you create two categories of licensing – one for those selling services to the public, that are subject to far more scrutiny”; and one for firms such as Risk Advisory, whose clients are multi-nationals, or multi-laterals, or law firms on behalf of multi-laterals (and who can mind their own business and who have recourse through insurers if suffering damage as a result of Risk Advisory’s work).

Bill makes another point; that the Act is ‘significantly anti-competitive’. He and his firm would have to be licensed, but if he goes up a floor at his More London Riverside offices, to the law firm Norton Rose, and does the same work, he won’t have to. Law firms are regulated by the Solicitors Regulation Authority (SRA). Likewise if Bill were to work in-house or for an accountancy firm. Bill harks back to the What Price Privacy? report by the data protection watchdog the Information Commissioner’s Office (which deplored the blagging of and trading in data). Who was guilty of paying for the blaggers? Law firms, accountants and local authorities!? Risk Advisory, then, are saying that lawyers, accountants, and in-house people doing surveillance (or managing it) or formally interviewing people should equally be licensed under the PSIA. “So we are not against licensing per se,” Bill sums up, “we think it is a very good idea, to ensure that people have a proper competency and skills to do what they are charging clients to do. What we are saying is that it should be directed at the harms that were behind the Act in the first place and directed at people doing the damage.” As he adds, and as he said at the SIA conference, we already have criminal laws – against the interception of communications, he gives as an example; the Data Protection Act, I offer. Shouldn’t you use the tools you have and not add to admin (and the Coalition is supposed to be so against bureaucracy, in autumn 2010 it proposed to abolish the SIA!)? But as Bill points out, the Government has the problem of the journalistic exemption; there’s a tension between the right under freedom of the press, to investigate thoroughly, in the public interest, ‘and the reality which is that a lot of journalists have been playing fast and loose with every law there is, both data protection law and privacy law’. And what of the Bribery Act? In sum, then, as Bill admits, the Government has a headache; to ensure the integrity of the press; and to act (and to be seen to act) against excesses by investigators, or investigators in the name of journalists or whoever is the client. Risk Advisory, and doubtless other such firms, are lobbying for their corner of business.

Which begs the question; what is the business of such consultancies as Risk Advisory? Bill Waite went through some of the company’s work.

First, employee screening, or rather CV verification, mainly driven originally by banks, to ensure that their staff were ‘fit and proper’. The consultants are verifying the educational and other facts on the CV. Does the candidate have any civil judgements? Is their previous employment history the same as the job applicant says? The candidate fills in an online form and gives consent to the consultancy to check. Besides the screening results, the way it’s done matters, Bill suggests – if the task is passed to a call centre in Manila that bothers referees with many phone calls and loses documents – the confidence of the candidate in the employer paying for that checking is undermined. While Risk Advisory’s screening very much has a focus on Europe, Bill adds that the screeners are from some 30 nationalities.

I ask, are there more CV fraud and lies in a recession? Bill doesn’t know. He does recall the beginning of the recession found more lying about skills, experience and qualifications than before the recession, ‘because as the job market tightened people were keener to demonstrate that they were better suited to the job’. Now? Bill suspects more undisclosed county court judgements (CCJs), because people have been under financial pressure for five or six years; and they might be well qualified for a job, but they might prefer to hide a CCJ. I suggest that such screening is just an aid to the employer; if a lie is uncovered, that does not automatically disqualify someone from a job? Bill answers that it depends on the sector. Financial services are subject to the FCA; if there’s a discrepancy on an educational qualification or a CCJ, the regulator might well ask the bank; why employ that person? And the bank had better have an explanation. ”And sometimes people make honest mistakes,” Bill adds, wondering aloud if he could recall correctly, if typing an online CV at speed, all his O and A level grades. That said, as he adds, if someone says they have a first-class degree and in fact they got a third … that is not something you forget.

On the political and security business risk side Risk Advisory offers its Security Intelligence and Analysis Service (SIAS), which Bill stresses gives clients actionable information (and timely, as it’s no good hearing about a demonstration in the capital city that ends in a riot, after the event). “It isn’t a re-hash of what’s on Fox News or CNN or other data feeds; and that is predominantly supplied to multi-national businesses.” Another service is Terrorism Tracker, which logs terrorism incidents, by place and local impact – what damage is caused, who is likely to have been behind it; the methods. Hence a client can map such events and change operations accordingly. Similarly Risk Advisory offers a ‘risk aware’ service for clients of Aon.

Is it even possible, I asked, to say anything to a business usefully predictive about the future, given how the world has become complicated in ways it never was during the Cold War and was not supposed to become when the Soviet Union fell? Bill replies: “The world has changed a lot in the last 20 years so while we don’t have the same risk of Armaggedon, we have a huge amount of localised disruption and we can all understand the reasons for that, they don’t need rehearsing, but yes, it does help our clients to understand there is going to be a major demonstration in Bahrain tomorrow at 2pm, because they can then tell their staff about that and take proper action to protect themselves.” Likewise it is useful to a business with assets in Lebanon to know there was a car bomb in downtown Beirut; that did such damage; and the army are responding thus. To repeat, actionable intelligence so that the client can make their mind up. Bill mentions an online travel security training programme that a client can require staff to take; if the executive is going somewhere ranked too hostile, the employer can decide whether to allow the exec to go or not.

Or, the client may be going to a new market for the first time: Nigeria, or Russia, Angola or India? A client may need what Bill terms ‘litigation support’, or checks on local parties. The partner that says they have the rights to extract minerals; do they? Or, they do, but because they paid bribes to locals? Likewise can the local customs clearance agent really get your goods out the docks fast; or do they manage it by paying bribes?! Clients, then, instruct consultancies such as Risk Advisory for regulatory or reputational reasons, so the multi-national doesn’t work with money-launderers or bribe-payers (because even bribes paid or indeed taken abroad fall under the UK Bribery Act). That said, checks are for commercial reasons also; does the local partner have the funds to exploit the mineral field that they say they have? Why bother with such places, you might wonder? Because as Bill adds, new markets might be the only way a European telecoms firm, or a bank or a supermarket chain, for instance, can expand. This, then, is the business of Risk Advisory; to advise and analyse for clients so that they can decide what business to do.

It’s as true of security and defence product manufacturers: given the slump in Europe and America; the most promising markets may be in the nastiest places. Risk Advisory has some security and defence clients. Any (free!) market intelligence for them? I ask. Bill describes the London Olympics as a huge success for UK plc, and indeed UK Security plc; whether the access control, response capability or crowd control. “And there’s lots of countries out there that need them,” Bill said. He gave a case of a Middle East country that spent hundreds of millions on control technology from China; ‘half of it didn’t work and the half that did wasn’t fit for purpose. So I think the Olympics has created a very significant opportunity for UK plc, UK Security plc, to go out there and sell our skills and our competencies and experience; and we are selling it, with demonstrable success’. Whether airports or sports centres, ‘there’s a huge, huge market out there, so people have got to go after it, haven’t they?’

About Bill Waite
A founder of Risk Advisory, he trained as a barrister and worked for the Serious Fraud Office as a prosecuting counsel. Visit www.riskadvisory.net.

Related News

  • Interviews

    Women meet

    by Mark Rowe

    In the week that the people of Scotland voted on the independence question, the Women’s Security Society brought over 100 men and…

Newsletter

Subscribe to our weekly newsletter to stay on top of security news and events.

© 2024 Professional Security Magazine. All rights reserved.

Website by MSEC Marketing